|BofA SafePass: One Name, Two Implementations|
|Written by Tim Ullrich|
|Thursday, 04 October 2007 12:52|
Bank of America recently launched a couple of security initiatives for both its banking and brokerage clients. To us, one of them seems pretty innovative, the other a potential nuisance.
On the brokerage side, SafePass will be used to secure online OTC Bulletin Board and Pick Sheet stock trades. The service includes an electronic card that displays a 6-digit, one-time use code. After clients place OTC Bulletin Board and Pink Sheet trades online, they will see the SafePass icon on the Preview Order page. Clients are then required to press the button on the card to display the security code and use that number to place the order. Unlike E*TRADE's Digital Security ID, which is optional, the SafePass is required for these types of trades. We're not sure if this is a small rollout to test the product and if BofA is planning to require this for all trades, but it does strike us as a bit extreme to require clients to use it. Complicating the matter, this is not the same SafePass card that customers of the retail bank can choose to use. So, even though the name is the same, if you are a bank customer and place OTC trades, you now have two cards to carry around.
Interestingly, however, on the retail bank side of the coin, BofA has launched a new feature for SafePass that actually allows customers to use the SafePass on a device they likely already carry around - their cell phone (they are evidently developing a card as well, but it is not yet available). Once customers have set up the SafePass system, they will be asked to request a six-digit SafePass code, which will be sent to a previously registered mobile device, each time they (or anyone else) attempts to execute one of the protected functions (e.g. transfer accounts, bill pay, P2P transfers, etc. - users can choose the functions they want to require SaffPass authentication, a nice feature). This is an excellent compromise between security and convenience - and as an added bonus, customers that sign up for this service are given higher transfer limits. If it is something that the industry at large adopts, it would mitigate the need for customer to carry a multitude of security key fobs. Now, for example, a customer who banks at BofA and trades at E*TRADE would be able to simply use their cell phone for the authentication tool.