Transferring some money? OK. First, what’s your favorite movie?

Customers of St. Paul-based Western Bank will soon have to jump through a few extra hoops to log into their accounts online.

In addition to their standard username and password, customers at the bank will be instructed to choose a picture from a list of pre-selected options — puppies, butterflies, sunsets, etc — and to make up a phrase, such as “How now brown cow.” They’ll also have to answer questions about their favorite movie or where they went to high school.

The extra steps are intended to make online banking more secure and guard against instances of identity theft and fraud.

Over the next few months, just about all banks will be asking for a little something extra from their customers. Some, like Western, will ask additional questions. Others will require customers to use a token, like a key fob, or their fingerprints to sign into their accounts electronically.

The changes stem from a mandate handed down from federal regulators last year to banks and credit unions to improve the systems that customers use to view and manipulate their accounts online.

About 87.3 million U.S. adults bank online, according to Gartner, the market-research firm. That number could be higher if more people believed online banking was safe.

In 2005, more than 3,000 Minnesotans reported being victims of identity theft, according to the Federal Trade Commission. Twenty-seven percent of those crimes involved bank fraud, a greater proportion than reported nationally, where 17 percent of identity-theft incidents involved bank fraud. It’s not known what percent of the bank fraud identified in the FTC report involved online banking, but other studies suggest it’s a growing problem. According to a 2005 Gartner report, an estimated 1.9 million online adults nationally were victims of fraudulent checking account transfers. Those illegal transfers resulted in $3.5 billion in losses.

That’s why regulators are asking banks to add an additional layer of security to their online banking systems. The precautions are supposed to be in place by the end of this month, but many banks won’t meet that deadline. Avivah Litan, a Gartner analyst, said she expects 85 percent of financial institutions nationwide to be compliant with the guidelines by the second quarter of 2007.

“If you don’t see it soon, you should ask your bank where they are on it,” said Jeremy Braun, Internet banking specialist at Western Bank, which will go live with its new online banking system on Dec. 12.

Western Bank began to alert its customers of the change beginning in November. “Once we turn it on, [customers] are going to have to deal with it,” said James Kuhn, senior vice president at Western. “We want to make it as smooth as possible.”

Western Bank and Park Midway Bank in St. Paul are using a system called PassMark. Bremer Financial Corp. of St. Paul is using a similar system.

Customers at banks using PassMark and similar systems need choose their picture and phrase only once. Generally, the bank will recognize the user’s computer in the future and require them to enter just their standard username and password. If a user logs on from a computer that the system doesn’t recognize — from work or an Internet cafe — they’ll be asked a challenge question to confirm their identity.

With the PassMark system, the image and phrase that customers chose when they registered will pop up on their screen each time they log in, providing reassurance that the site is indeed safe and not an imposter site. That feature, Western Bank officials say, just might entice customers who don’t now bank online to begin doing so.

Nearly half of the U.S. adults — 46 percent— who conduct commerce online say they have concerns about the safety of their personal and financial information, according to Gartner. More than 32 million people have stopped banking online or have never banked online because they don’t feel it’s safe or secure.

Business customers also will see changes. Many business customers, who routinely make large or complex transactions, will need to log into their accounts using fingerprints or tokens. Tokens are physical objects such as a key fob or a device that can be plugged into a computer, and generate numbers that a customer must use to access their account online.

Bankers admit that the additional steps customers have to take make banking online slightly less convenient.

“In some of the testing done, consumers are reacting negatively to the extra list of questions or time it’s taking to engage in transactions,” said Karen Grandstrand, an attorney at Minneapolis-based Fredrikson & Byron who specializes in financial services.

But Gartner analyst Litan says her research over the years has shown that many consumers don’t mind taking a few extra steps in order to secure their accounts.

Executives at San Francisco-based Wells Fargo don’t think additional security should make banking online more difficult for customers. The bank, which has a large presence in Minnesota, made changes to improve its online banking security, but retail customers probably won’t notice them.

Instead, the Wells Fargo system detects, in real-time, if a user is signing on from their usual location and analyzes their transaction and session behavior. Only if a user is denied entry into their account online will they be asked for additional information.

“The only time it will become apparent to customers is when the transaction appears out of pattern,” said Jim Smith, executive vice president of Wells Fargo’s Internet channel and products group.

Minneapolis-based U.S. Bank did not respond to requests for information for this story.

Small business customers of Wells Fargo will use tokens, and the system that Wells and others have in place might change in the future.

“As the threats evolve, we will evolve the solutions to make sure we keep customers information secure,” Smith said.

Just as Cub Foods has fingerprint scanners at its registers for customers who don’t want to whip out their wallet every time they buy groceries, some banks already are using similar technology.

Bloomington-based United Bankers’ Bank, which provides financial services to other banks, gave each of its 700 account holders a fingerprint-scanning machine well in advance of the new federal regulations.

“We saw the writing on the wall with identity theft back in 2003, so we pre-emptively decided to go with fingerprints as a system,” said Daren Mehl, assistant vice president of information technology at United Bankers’ Bank.

Mehl said he wouldn’t be surprised to see other banks eventually move to similar systems for their customers.

“Being a bankers’ bank we have large dollar transactions we’re dealing with,” Mehl said. “We wanted something that couldn’t be shared or forgotten.”

Source: Pioneer Press