New Zealand’s banks are moving to provide what ASB’s group manager of online business, Peter Mugglestone, calls “defence in depth” against phishing and other forms of fraud.
ASB was the first bank in New Zealand to roll out new security certificates that allow customers to visually verify they are on ASB’s true site and not a front for phishing.
Mugglestone says other banks have since followed suit in adopting the technology, Extended Validation, or EV, secure sockets layer certificates.
Mugglestone says the new security, which was rolled out in May for users of the bank’s FastNet Classic platform, significantly raises the bar to gaining certification. Customers using the latest versions of browsers will then be infromed whether a website is legitimate or not through a colouring that appears in the browser’s address bar.
If the site is genuine, the address bar goes green, if it is a known phishing site it goes red and if it is neutral it remains white. The green bar shows site visitors that the transaction is encrypted and the organisation has been authenticated.
Mugglestone says the project to implement Verisign’s EV SSL technology was not a big one.
The biggest challenge has been informing customers about the feature and raising awareness of it.
He says it is something every bank will eventually do.
In addition to the colour coding in the address bar, a lock icon appears next to the address, and a new field displays to the right of the URL in the browser containing the name of the organisation that owns the site as well as the security provider that issued the certificate.
“Phishing schemes that surreptitiously lead consumers to fraudulent look-alike bank pages can threaten the trust that legitimate financial institutions like ASB build with their clients over many years,” Mugglestone says.