[ISN] British banks to provide extra Web security

InfoSec News isn at c4i.org
Fri Apr 15 06:02:55 EDT 2005


By Dan Ilett
ZDNet (UK) 
April 14, 2005

Major British banks are set to agree on a physical security device for
all U.K. online customers to use.

This move to two-factor authentication could make customers more
secure when banking online. Such systems use a physical security
device that generates a password to be used only once.

Identity theft e-mails, known as phishing attacks, cost U.K. banks
$22.6 million last year, according to the Association of Payment and
Clearing Systems, which represents the British banking industry.

Precise details of the two-factor device should be agreed upon in May,
with the banks expected to roll out devices within nine to 12 months.

"We are looking to get a U.K. standard for next month," said an APACS
representative. "We are hoping this will enable us to make rapid
progress. It would also be good to get a global standard."

APACS said that credit card issuer Barclaycard and the high-profile
bank Coutts have already issued some customers identity devices.

Last year, former White House cybersecurity adviser Howard Schmidt
urged banks to use issue customers with two-factor authentication.  
Schmidt is the chief security strategist of online auction eBay, which
itself has yet to issue bidders two-factor authentication devices.

Not everyone is so sure that two-factor authentication is the way
forward, however. "People are selling two-factor authentication as the
solution to our current identity theft problems, but it was designed
to solve the issues from 10 years ago," security expert Bruce Schneier
said last month.

Dan Ilett of ZDNet UK reported from London.

More information about the ISN mailing list