CNet News reports on a discussion at the RSA security conference on privacy in online banking.
A widely used technology to authenticate users when they log in for online banking may help reduce fraud, but it does so at the expense of consumer privacy, a civil liberties attorney said during a panel at the RSA security conference on Thursday.
When logging into bank Web sites, users are typically asked for their user name and password. But that’s not all that is happening. Behind the scenes, the server is taking measures to identify the device being used in an attempt to verify that the person logging in is the person whose account is being accessed under the assumption that most people use the same computer for banking.
Wachovia, which recently merged with Wells Fargo, tags the consumer’s computer with a unique identifier, said Chris Mathes, an information technology specialist in online customer protection at the bank. […]
Even though none of the information gathered during a log-in is personally identifiable, the bank shouldn’t have to collect regular data on when, how often and from where a consumer accesses a bank account, said Jennifer Granick of the Electronic Frontier Foundation. Such information can be compiled with other more sensitive information to create profiles and cross referenced to learn more about consumers, she said.
For instance, the bank could learn who a consumer’s roommate is if the same computer is used regularly to access different accounts, Granick said. Consumers also could be deemed suspicious for breaking with their patterns on deposits or withdrawals or the information could be sold to advertisers, she added.