Banks agree to increase web security

Two-factor standard needed to counter phishing

High Street banks are set to agree on a physical security device for all UK online customers to use.

This move to two-factor authentication, using physical security devices that generate a password to be used only once, could make customers more secure when banking online.

Identity theft emails, known as phishing attacks, cost banks £12m last year, according to the Association of Payment and Clearing Systems (APACS). Precise details of this two-factor device should be agreed on in May, with the banks expected to roll out devices within nine to 12 months.

"We are looking to get a UK standard for next month," said a spokesman for APACS. "We are hoping this will enable us to make rapid progress. It would also be good to get a global standard like Chip and PIN."

APACS said that Barclaycard and the high-profile bank Coutts have already issued some customers with identity devices.

Last year, former White House cybersecurity advisor Howard Schmidt urged banks to issue customers with two-factor authentication. Schmidt is the chief security strategist of online auction site eBay, which itself has yet to issue bidders with two-factor authentication devices.

Not everyone is so sure that two-factor authentication is the way forward, however. "People are selling two-factor authentication as the solution to our current identity-theft problems, but it was designed to solve the issues from 10 years ago," said security expert Bruce Schneier last month.

Dan Ilett writes for ZDNet UK.

Comments

There are 4 comments.

  1. Chris Hills

    To me the obvious choice is the smart cards we already have! All it would take is the issuance of smart card readers, which are cheap. I have been longing to do this for a long time. I also wish we could have 12-digit PINs like you can in Australia.

    • 15 April 2005 09:47
  2. Richard

    Same device for each account?

    I do hope that banks co-operate so that we can use one device for all of our accounts.

    Having to find specific devices for each account would be a real turn-off.

    • 15 April 2005 10:02
  3. John Wells

    Who is going to foot the bill for these devices? Will the banks pay, or will we have to pay for the privilege?

    And how, exactly, will two-factor authentication prevent phishing attacks? I need to verify the BANK's identity...not the other way around!

    • 15 April 2005 17:09
  4. anonymous

    Paying for additional security is fine. Cost will of course be borne by customers but so what? If it makes online banking safer then that is great. The banks' overheads will have to rise and this will be met in various ways. Lower/higher interest for borrowers/savers, higher transaction costs and one-off costs paid by customers. Internet banking always had a bit of the "too good to be true" about it, i.e. no-cost security and no-cost transaction processing.

    • 15 April 2005 22:49
