By Will Sturgeon, 18 October 2005 17:20
NEWS More and more banks are moving their customers to two-factor authentication and experts claim it is only a matter of time before all banks make the switch.
Recently LloydsTSB announced its move to two-factor token-based authentication and today identity management firm RSA announced its own deals with two large banks - Unicredit Banca of Italy and the National Bank of Abu Dhabi.
Art Coviello, CEO of RSA, told silicon.com he believes deals such as these will make customers of other banks start to look at how their own bank authenticates identities in the wake of increased concerns about identity theft.
He said: "People will vote with their feet. They may not change their bank but they may not bank online anymore.
"Banks who aren't doing this will be forced to change."
Steve Wylie, EMEA managing partner in Accenture's security practice, who works with a number of large banks, said it will be customer power which drives a move to stronger authentication once they start hearing about those banks already making the switch.
"Banks will start to realise that customers value this and are increasingly aware of security," he said. "Public awareness drives a lot."
A mix of needing to keep up with their competition and a need to be seen to do right by their customers means the banking industry is likely to reach a tipping point with the rollout of two-factor authentication sometime in the next 18 months, said Wylie.
Speaking on a panel at RSA Conference Europe, Martha Bennett, research director at Forrester, said: "Our research shows there is a correlation between the adoption of online banking and the deployment of two-factor authentication."
"Consumers strongly believe their banks should put the necessary measures in place and do more to protect accounts," added Bennett.
RSA's Coviello added that the changing onus of liability has forced the banks' hands to a degree.
"Until now the banks have been willing to cover the fraud," he said, adding that now they should be looking at the cost of implementing strong authentication and weighing it up against the cost of reimbursing fraud victims.
Comments
There are 3 comments. Join the discussion
1. Michael J. O'Farrell
An interesting correlation to study would be the adoption of online banking, two-factor authentication and mobile phones... With 100's of millions online banking customers, only 25+ million hard token users globally - mainly in enterprises - and over 1.5 billion mobile users world wide; the natural consumer token for online banking two-factor authentication is the mobile phone.
By activating mobile devices as authentication tokens over-the-air, mass deployment would be simplified, consumers would not need to carry another device and the economics of delivering and managing two-factor authentication tokens 'en masse' would be significantly reduced.
It’s a Win-Win-Win for all involved.
The banks Win with a simple to understand and easy to deploy cost-effective consumer authentication token device; the security industry Wins with exponential mass-market adoption of two-factor authentication; and, most important, online banking consumers Win with a new, innovative security services to protect them from identity theft and transaction fraud by leveraging something they carry with them everyday – their mobile phone.
2. anonymous
I don't quite get the point of this, surely banking should be getting easier and less irritating for the customer. For example you still have; factor 1) the username and password and now your also going to have; factor 2) the everchanging pin number you will have to type in.
What happens if someone steals( factor 1 maybe written down somewhere in that handbag next to that device) or you lose the token/mobile device, will you have to wait X number of days for a replacements and with not a hope of getting access to the accounts.
Does this also mean you will need to carry this device with you at all times, on the off chance you may wish to check your account online?
This is going to be just another one of those ideas that will hopefully just disappear.
Talk about recycling old technology.
I'm sorry, but no thanks my banking experiences can be irritating enough. I could think of many more convenient ways I'd prefer the banks to tighten online security.
3. anonymous
Except we all have to buy new mobile phones!.. SMS doesnt work underground and the delay can be hours.