When should you virtualise a server? Your questions answered
Click here to read the views of our pIT stop panel

knowledge centres

SEARCH Computing Jobs White papers Google

Register . About . Digital Edition . Advertise . PDA . RSS

Computing . Security

RBS begins two-factor authentication support

Bank will give customers card-reading devices to defend against phishing

Tom Young, Computing, 10 May 2007

Picture of Peter Cassidy

Cassidy: Banks do not compete on security

Royal Bank of Scotland (RBS) is to issue two-factor authentication card readers to its online customers this week.

The devices will protect against phishing attacks by providing a different password every time a customer logs on.

‘We will initially supply this enhanced security to business and personal customers who use e-banking to make frequent transfers or payments,’ an RBS spokesman told Computing.

The bank will then assess the technology’s success and roll it out to other customers.

The card readers, from vendor Xiring, are the size of a calculator and will be free of charge for customers who want them.

Barclays announced last month that it will start issuing similar devices later this year, while Alliance & Leicester has its own picture-based, two-factor systems in place. Lloyds TSB is testing a keyring-based system, but has not ruled out card readers as an eventual solution.

UK banking association Apacs defined the card readers as the UK standard for securing e-banking and e-commerce, despite the reticence of some banks.

Brendan Pickering, head of fraud technology at HSBC, says the system is unlikely to resolve fraud and security problems.

And George Hazell, information security manager at Alliance & Leicester, says the bank is uncomfortable with the practicality of a card reader, but would follow suit if the devices are adopted as the industry standard.

Two-factor is considered an effective defence against phishing, but is vulnerable to more sophisticated hacking attacks. Last year, US bank Citibank had its two-factor model cracked by a man-in-the-middle attack where a criminal sits between the user and their bank.

Banks have been criticised for using two-factor authentication as nothing more than a marketing device. But Peter Cassidy, from industry body the Anti-Phishing Working Group, says this attitude is unhelpful.

‘Phishing is low-tech and putting anything between the phisher and his goal is useful,’ he said. ‘Banks all face the same adversaries and it is an unspoken rule that they do not compete on security technology.’

Further reading:

Two-factor buoys confidence

Experts rubbish two-factor authentication

Pointsec adds two-factor authentication

RSA changes tack on two-factor authentication

More stories on these topics: Security, Ecrime, Hardware, Finance

Permalink Comments Forward

what do you think?

Post your comment

Send an email to the Computing editor at feedback@computing.co.uk

Reader comments for this story

Post your comment What is this?

Like this story? Spread the news by clicking a link:

del.icio.us

digg this

related content

latest news

The MoD

NAO: £7.1bn MoD scheme running late

Scheme has already delivered important benefits but first phase is 18 months late 04 Jul 2008

Cloud

Cloud-based email will surge in "fundamental restructure"

Storm approaching email market as clouds gather on SaaS provision 04 Jul 2008

Sainsbury’s web site down again

Retailer suffers from web downtime for the second time in a month 04 Jul 2008

latest in depth

easyjet aircraft

EasyJet reviews IT processes

Cutting fuel costs and improved services high on airline’s agenda 03 Jul 2008

Williams F1 cars

Williams F1 drives through changes

Formula 1 team uses a virtual private network to exchange strategic data with its UK factory 02 Jul 2008

Gavel

Relaxed domain laws may fuel legal costs

Experts warn that changes could tempt new cyber-squatters 02 Jul 2008

Advertising Marketplace

Search for solutions, reports & analysis

Sponsored links

Featured jobs

Principal Application Specialist - Application Developer

Chichester, United Kingdom | West Sussex County Council

Principal Application Specialist - Application Developer, Chichester, £42,100 - £44,700 (includes Market Rate Supplement) IT Services at WSCC supports and manages a variety of systems based on Oracle databases that include third party and ... more >

Administrative Computing Unit- Programmer/Analyst (Content Management System)

United Kingdom | Swansea University

Programmer/Analyst (Content Management System), £25,135 - £28,290 pa Administrative Computing Unit Joining an established team your role is to develop and enhance the University's use of the Terminal-Four Content Management System. Working closely with technical ... more >

ARCHITECT / DEVELOPER

London, United Kingdom | InterSystems

ARCHITECT / DEVELOPER, London, Very Competitive £ OBJECT ORIENTED DEVELOPER / PROGRAMMER / ARCHITECT with strong OO (object oriented) development experience required by world leading global software provider to act as Senior Technical Consultants. InterSystems Corporation ... more >

The Open University Computing & IT qualifications Helping you get on

United Kingdom | The Open University

The Open University Computing & IT qualifications - Helping you get on At The OU we're world leaders in helping people balance learning with working life. So whether you're looking to get into Computing or ... more >

More job opportunities

advertisement

advertisement

Most popular topics on Computing.co.uk

Communications . Ecommerce . Government . Green . Hardware . Innovation . Integration . Jobs . Outsourcing . Security . Skills . Software . Strategy

IThound

Computing newsletter

Computing Careers

Job of the week

advertisement

Related jobs

Search for a job

Try our Advanced search

white papers

Search for solutions, reports & analysis

advertisement

advertisement

advertisement