Maybe Dave could help me out here, but the main focus is what the banks have been building over time. And it's where we are now, and we want to extend that. It's called defence in depth. That's the strategy, and it's a layered approach on security. What it is, you have both the front end and the back end.
You can ramp up the front end, and they're getting progressively more sophisticated, based on the risk--that is, the assessment. You could have simple identification in a password or you could ramp that up. You could have machine tagging, for instance. If an online request came in and it's not from the machine that you normally use, that prompts a series of questions, questions about what you know or what you have. If they, in turn, then assess that there is risk beyond that, they might introduce things like tokens, a separate little piece of hardware that adds an additional multi-factor security. So there's a lot of front-end stuff.
The back-end stuff.... You've seen this yourself, and this gets progressively more sophisticated every day. If somehow a bad guy can actually penetrate that and try to commit a fraud, you have what they call heuristic systems that check your behaviour. If your behaviour is out of sync, they will send up a flag, geographical flags, transaction limits. These are all very dynamic and they're moving. The idea is to try to get that security throughout the system as well.