We were reading an interesting article in Kiplinger’s about various strategies that major banks are using to improve security when we were startled by this snippet about the effectiveness of Bank of America’s security system. (Bank of America asks users to choose and then verify an identifying image and phrase before logging in):

When researchers at Harvard University and the Massachusetts Institute of Technology studied the anti-fraud image system used by Bank of America, they found that 58 out of 60 users still logged on to a phony Web site that did not display the images that the users had selected. The system raises the bar for criminals, says Rachna Dhamija, one of the researchers who conducted the study, but “if users don’t comply, it’s entirely ineffective. They are going to be giving out their credentials to the wrong Web sites.”

58 out of 60!? We knew people were vulnerable to phishing operations, but that number is just sad. Get to know your bank’s security features and, for heaven’s sake, look for them when you log in. There’s no reason 58 out of 60 people should be falling for an obviously fake site with incorrect security features. Looks like it might be back to the drawing board for Bank of America.—MEGHANN MARCO

Passwords + Pictures = Security? [Kiplinger’s]
(Photo: Meghann Marco)

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.