Does prompting for security questions on new computers add any security on banking websites?

The scenario that this is designed to prevent is keylogging. It is fairly easy to get a keylogger that will report back but somewhat more complex to make a program that will actually execute an attack remotely on another computer. Since you don't regularly enter your security question answers, if an attacker obtains your password via a key logger, they won't be able to use it on their system without knowing the answer.

It does have somewhat limited effectiveness though as if the attacker can force your system to not be recognized, they can get you to answer the security questions as well. It is still a slight increase in difficulty for an attacker though and is not a significant or even common burden for a user.


Fraud management. The bank's website may be using Geo-location and device fingerprinting.from Wikipedia

Geo-location is the identification of the real-world geographic location of an object, such as a mobile phone or an Internet-connected computer terminal.

Device fingerprinting is information collected about a remote computing device for the purpose of identification

Imagine today in the morning you did a transaction from US and two hours later an attempt is made to log into your account from China. Using geo-location the system will know that something is not right.

If a new computer is being used to access your account the system wants to make sure that it is the real owner of the account and not some hacker with a stolen password.

The banking system may be designed to develop a level of trust for the computers that you regularly use for your financial transactions. The moment your request comes from a new device/location, system asks you a security question.

P.S. If your security question is "what is the name of your dog?" or "What was the name of your high school?" the attacker may be able to guess these easily. Security questions can not be compared to two factor authentication.