ID theft: Which banks do best?

A report into which US financial institutions best protect their customers against identity theft has named Bank of America, JP Morgan Chase and Washington Mutual as the top three.

Out of 24 of the top financial institutions in the US, these three banks scored best in a test of their ability to prevent, detect and resolve ID theft, Javelin Strategy & Research said in its annual Banking Identity Safety Scorecard, which is slated to be released today. KeyBank and Marshall & Ilsley Bank also receive honourable mentions in the report.

Most banks do especially well in resolving identity fraud, such as dealing with disputed transactions on accounts, James Van Dyke, president of Javelin Strategy & Research, said in a presentation at American Banker's 3rd Annual Identity Theft and Fraud Symposium in San Francisco.

Van Dyke said: "Prevention and detection are really the next frontier. Financial institutions focus much more on resolving problems after they occur rather than stopping them up front."

Last year, identity theft for the third straight year topped the list of fraud complaints reported to the Federal Trade Commission. Consumers filed more than 255,000 identity theft reports to the FTC in 2005, accounting for more than a third of all complaints the agency received.

Together the 24 banks covered by the Javelin Strategy & Research report cover about 60 per cent of the US banking market. The study probed 26 customer-facing capabilities and features of banks, online as well as offline. Mystery callers, for example, phoned banks to try out the customer service representatives, Van Dyke said.

ID theft prevention had the most weight in evaluation. Bank of America's high standing was helped by its introduction of SiteKey, image and text checks that let people know they are on an authentic Bank of America website and also verify the identity of the customer. Other financial institutions are expected to introduce similar features soon, Van Dyke said.

He said only Bank of America had two-factor authentication when the study results were compiled a few weeks ago, adding: "Of course we're going to see a land grab." That's mostly because the Federal Financial Institutions Examination Council last October recommended that banks introduce multiple-factor authentication by the end of 2006.

One way to improve prevention and detection is through alerts. Banks could let customers set up email or mobile phone text message alerts, for example, Javelin Strategy & Research said. Another way could be to promote online account monitoring and advanced protection against phishing scams that seek to trick people into giving up account details, the research company said.

Joris Evers writes for CNET News.com