This is some interesting research that I haven’t heard before. The gist of the article is that banks considering implementing site-authentication solutions should pause to reconsider. This initial research seems to point to these methods being somewhat ineffective. This makes me curious. I wonder if information of this sort will spawn similar thinking throughout the industry. I wonder if/how regulators might react to information like this. If nothing else, its something else to keep in mind in terms of assessing risks. If your institution has a similar solution it might be a good time to make sure management has had a chance to evaluate the risk and update your risk assessment accordingly. “