Picture of Peter Cassidy
Cassidy: Banks do not compete on security

RBS begins two-factor authentication support

Bank will give customers card-reading devices to defend against phishing

Written by Tom Young

Computing, 10 May 2007

Royal Bank of Scotland (RBS) is to issue two-factor authentication card readers to its online customers this week.

The devices will protect against phishing attacks by providing a different password every time a customer logs on.

‘We will initially supply this enhanced security to business and personal customers who use e-banking to make frequent transfers or payments,’ an RBS spokesman told Computing.

The bank will then assess the technology’s success and roll it out to other customers.

The card readers, from vendor Xiring, are the size of a calculator and will be free of charge for customers who want them.

Barclays announced last month that it will start issuing similar devices later this year, while Alliance & Leicester has its own picture-based, two-factor systems in place. Lloyds TSB is testing a keyring-based system, but has not ruled out card readers as an eventual solution.

UK banking association Apacs defined the card readers as the UK standard for securing e-banking and e-commerce, despite the reticence of some banks.

Brendan Pickering, head of fraud technology at HSBC, says the system is unlikely to resolve fraud and security problems.

And George Hazell, information security manager at Alliance & Leicester, says the bank is uncomfortable with the practicality of a card reader, but would follow suit if the devices are adopted as the industry standard.

Two-factor is considered an effective defence against phishing, but is vulnerable to more sophisticated hacking attacks. Last year, US bank Citibank had its two-factor model cracked by a man-in-the-middle attack where a criminal sits between the user and their bank.

Banks have been criticised for using two-factor authentication as nothing more than a marketing device. But Peter Cassidy, from industry body the Anti-Phishing Working Group, says this attitude is unhelpful.

‘Phishing is low-tech and putting anything between the phisher and his goal is useful,’ he said. ‘Banks all face the same adversaries and it is an unspoken rule that they do not compete on security technology.’

reader comments

related articles

Two-factor buoys confidence

Introduction of two-factor authentication technology sees rise in customer transactions 02 Nov 2006

 

Experts rubbish two-factor authentication

Technology will not cut phishing, e-Crime Congress hears 27 Mar 2007

Pointsec adds two-factor authentication

Stronger encryption software for laptops and desktops 31 Oct 2006

RSA changes tack on two-factor authentication

Two-factor alone is no longer enough 24 Apr 2007

Management

HSBC strengthens online fraud defences

Combination of web and phone expected to improve security 07 Jan 2009

Finance

Barclays claims zero online fraud

The bank credits the absence of online crime to the introduction of two-factor authentication devices 16 Jul 2008

Communications

Barclays rolls out contactless payment for debit cards

Three million customers to receive cards embedded with the new technology by year end 03 Mar 2009

related whitepapers

today's top stories

Internet

Lack of enterprise appeal takes shine off Chrome OS

Enterprise buyers unlikely to ditch Windows for Chrome OS in the near term, say experts 09 Jul 2009

Management

How Satyam cleaned up its act

Chief executive CP Gurnani tells Angelica Mari why Tech Mahindra opted to keep the Satyam brand after it bought the scandal-hit services firm, and explains what the deal means for existing and prospective customers 09 Jul 2009

Software

Open source bites back

Recession-hit companies are tired of vendors holding a gun to their heads over software licensing, says CEO of Ingres 09 Jul 2009

Communications

"We will ensure Britain remains at the forefront of the digital revolution"

As new trials of superfast broadband get under way, minister Pat McFadden explains the government’s digital vision 09 Jul 2009

Management

Put social networks to work on your career

Increasing numbers of IT professionals using sites such as LinkedIn to grow contacts and find jobs 09 Jul 2009

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

More available - click 'submit' to view

Existing User

Newsletter user login:

Advertisement

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Would you use social networking sites to look for a job?

Would you use social networking sites to look for a job?

Tell us what you think about job hunting through LinkedIn, Facebook, Twitter etc

View poll results

> More polls

Latest audio and video articles

network cablesVideo

How to maximise the value of your IT networking investment

A panel of experts discuss networking strategies that deliver real value to business 03 Jul 2009

green footprintsVideo

How to manage enterprise energy use - and the role IT can play

A panel of experts explore how firms can get to grips with their carbon footprint and make smarter use of energy 01 Jul 2009

> More audio and video

Latest in-depth articles

Google ChromeAnalysis

Lack of enterprise appeal takes shine off Chrome OS

Enterprise buyers unlikely to ditch Windows for Chrome OS in the near term, say experts 09 Jul 2009

Satyam CEO CP GurnaniNews

How Satyam cleaned up its act

Chief executive CP Gurnani tells Angelica Mari why Tech Mahindra opted to keep the Satyam brand after it bought the scandal-hit services firm, and explains what the deal means for existing and prospective customers 09 Jul 2009

> More in depth articles

Advertisement

Primary Navigation