Bank of America and Passmark SiteKey: Trouble in Paradise?

On May 15, 2006, Ziff Davis Publishing’s Baseline Magazine published an eye-opening commentary on some of the problems Bank of America has been experiencing with Passmark SiteKey (See: article)

With significant increases in customer support calls reported, widespread customer resistance, and hints of ongoing implementation and maintenance problems, it appears that Passmark SiteKey may be creating more headaches for Bank of America than it has solved.

Significant increase in support calls reported: In the Baseline Magazine report, Katherine Claypool, Bank of America’s senior vice president of e-commerce and customer support solutions, states that once the bank made SiteKey mandatory for its customers, support calls to the bank increased 25%. While declining to specify the cost of SiteKey or provide the actual number of complaints the bank had received, the magazine did report the bank attributes the jump in customer service calls to “irrational customer behavior” such as answering SiteKey?s secret questions with nonsense and other customer behavior that the bank didn’t anticipate.

Other examples of what the bank deems ?irrational customer behavior? include the bank’s customers rushing through the registration process by typing random answers to the secret questions and then calling customer support because they couldn’t remember what they had typed. Other customers shared their SiteKey images with family and friends without also sharing their answers to the secret questions. The bank states it is taking additional steps to curb such behavior and ?impress upon customers that they have to take SiteKey seriously?. To accomplish this, they report they are ?tinkering with SiteKey?, creating smarter secret questions, automatically resetting customer passwords, and improving the wording on their websites.

Attempted phishing attacks have not decreased: Bank of America?s customers might find it easier to take SiteKey seriously if it weren?t for the fact that they continue to be victimized by phishing attacks. Although SiteKey has been in operation for over a year, Baseline magazine asserts “attempted phishing attacks have not decreased” against the bank. One fraud tracking organization the magazine contacted reported no less than 350 attempted phishing attacks launched against the bank since December of 2004.

Recently, the Seattle Post Intelligencer reported on yet another rash of thefts against Bank of America customers (See: article). Seattle police have been taking “a lot” of calls and reports involving Bank of America customers, said police spokeswoman Debra Brown. She could not provide a specific number of complaints, but added that while officers routinely get calls about financial fraud involving a variety of banks, people had been reporting an unusual number of Bank of America-specific thefts.

Hints of ongoing maintenance and support problems: In its article, Baseline Magazine reports the bank has acknowleged that phishers have been ?evolving their tactics to beat SiteKey? and that this has forced the bank to continually work to “advance the software”, a statement that hints suspiciously of ongoing maintenance and support problems. These problems were first hinted at in October of 2005 when PCWorld reported Bank of America’s rollout of SiteKey had “hit a snag” and was being delayed yet again (See: article).