As featured in The Wall Street Journal, Money Magazine, and more!
     

New Log-In Process Coming to EmigrantDirect

This article was written by in Banking. 6 comments.


I received an email from EmigrantDirect today warning that the process for logging into their website for online banking is about to change. The new process will be similar to ING Direct’s security feature involving a unique sign-in ID, an image, and a pass phrase.

If you’re a customer, you might have received this email. They are staggering the transition, so it’s possible that customers haven’t received the notification. Here is the full text of the communication:

Dear Customer,

Our new login process adds an additional layer of security to protect your American Dream account(s).

To begin the new login process:

  • You will be asked to complete a one-time enrollment during which you will select an image and create a unique phrase or description to accompany the image.

To use the new login process:

  • You will see your selected image and phrase every time you log in from your registered computer so you will know immediately that the site is indeed EmigrantDirect.com and it is safe to enter your password.
  • You may register as many computers as you like, but we suggest that you only register computers that are private, such as your home computer.

Federal guidelines require that all internet banks implement this procedure by the end of the year and your account will be selected for enrollment within the next 30 days.

Please do not reply to this e-mail as your reply will go to an unmonitored mailbox. If you have any questions, you may send a message from your secure Message Center once you are logged on, or call Customer Service at 1-800-836-1997, seven days a week, 8:00 AM – 11:30 PM ET.

Updated February 6, 2012 and originally published November 30, 2007. If you enjoyed this article, subscribe to the RSS feed or receive daily emails. Follow @ConsumerismComm on Twitter and visit our Facebook page for more updates.

Email Email Print Print
avatar
Points: ♦127,435
Rank: Platinum
About the author

Luke Landes, also known as Flexo, is the founder of Consumerism Commentary. He has been blogging and writing for the internet since 1995 and has been building online communities since 1991. Find out more about him and follow Luke Landes on Twitter. View all articles by .

{ 6 comments… read them below or add one }

avatar Toby

I hate to be a killjoy but, as an information security professional, I can tell you that the type of login you are talking about does little to actually protect your information from determined criminals. Within hours of ING deploying their new login scheme there were keyloggers with a new “feature” that would capture small sections of your screen around your mouse pointer when you clicked it which allowed the criminals to capture your PIN even if you use the on-screen number pad.

In addition, once the malicious software is on your system they can steal the cookies from your browser that store info about those pictures that everyone is using or stick in the middle and conduct their own electronic transfers. It’s a lot of sizzle and very little steak, if you know what I mean.

Reply to this comment

avatar Madison

Isn’t the idea of the pictures that I am supposed to recognize them? We have so many bank accounts, I can’t even remember which pictures go to which accounts.

Reply to this comment

avatar Toby

@ Madison: The point is not just to have a picture associated with your account. It is supposed to be the combination of your picture and word or phrase that is supposed to ensure that you are communicating your your bank and not a phishing site.

When you are setting up the pictures, I always use meaningful phrases that will jog my memory when I am logging in. For instance, if you have a picture of an orange. Don’t use the phrase “An orange” associated with it. Instead use something meaningful like a song lyric, “I’ve got my spine, I’ve got my orange crush.” Now, even though you may not remember which picture is which, the phrase should hopefully jog your memory.

Reply to this comment

avatar general

@ Toby: As an information security professional, you then know that most thieves and unsavory characters tend to go for low hanging fruit before tackling something more sophisticated.

The point behind the modifications isn’t that the system is absolutely secure, it’s simply that they’ve added extra layers of security to make it just a little more difficult for the majority of script kiddies.

The reality is that if someone wants your information bad enough, they’re going to get it. It doesn’t matter what you do, or how you do it. The key here is that it now takes more effort and more technical know-how to get to what they’re after.

As you’re aware, the process of creating security measures to defend against security breaches is very cyclic by nature. Sooner or later the thieves ramp up on the new security measures, and then the business has to adapt and create a new hurdle. Then we start over again.

It’s an improvement, and as an information security professional, I would expect you to applaud the effort to at least improve security based upon what you know of the business involved, and the nature of security in a digital world.

Thanks.

Reply to this comment

avatar Toby

@ general: I agree that thieves tend to go for low-hanging fruit before tackling something more sophisticated. However, I think you are over-estimated the amount of sophistication and complexity inherent in these new “security measures.”

In our industry we call it “security theater”. Looks great. Looks secure. Makes for great press-releases. Doesn’t do a lick of good as far as increasing security.

My job is not to make things completely secure. It is to balance the risk versus the cost of security measures. So when I say that these new measures don’t do any good, I mean that the total cost (monetary, user experience, etc.) is not worth the “increased security” (trivial). The money these companies spend is not to increase security, rather it is to increase the *appearance* of security to their customers. Given that this increases customer trust it is still probably money well-spent but don’t, for a second, think that they’ve improved security in any meaningful way.

Also, I don’t think you realize the threat that is out there. It’s not little Johnny hacking your computer from his mommy’s basement anymore. Organized crime is out there. They are well-funded. They have professional programmers writing their software and it is really well planned and well implemented.

Virus signature databases doubled in size over the past year and anti-virus vendors are struggling to keep up. An estimated 25% of the 600 million computers on the Internet today are thought to be parts of botnets. 150 million zombie machines out there that might do anything from attack a site, to resend spam, to collect your personal information. It is considered by many to be a virtual pandemic.

So pardon me if I don’t jump up and give a standing ovation to an under-arm-fart-noise rendition of Beethoven’s 5th. I think I’ll hold my applause for a real performance.

Reply to this comment

avatar Frank Feldt

This is a scam, always login direcectly to the web site with your browser,,

Reply to this comment

Leave a Comment

Connect with Facebook

Note: Use your name or a unique handle, not the name of a website or business. No deep links or business URLs are allowed. Spam, including promotional linking to a company website, will be deleted. By submitting your comment you are agreeing to these terms and conditions.

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Previous post:

Next post: