07 Jan 2009
HSBC has deployed a new authentication system to protect online and remote transactions from fraud.
Using the system provided by Authentify, the authentication process is isolated from the web, and user or transaction details must be entered via a telephone call synchronised to online sessions, making it more difficult for criminals to hack into accounts even when using compromised personal information.
The out-of-band system claims to offer the highest security with the most convenience, as opposed to two-factor authentication – whereby devices give customers automatically-generated one-time passcodes to use in conjunction with the password they already know – as a way to tackle fraud committed in cases where the cardholder is not present, such as online shopping.
A number of UK banks including Barclays, Lloyds TSB, Nationwide and Royal Bank of Scotland have introduced two-factor authentication schemes, while HSBC and Abbey have opted not to, saying the devices were considered impractical.
Figures released in October by UK payment service Apacs showed that online banking fraud losses totalled £21.4m during the six months to June 2008, a 185 per cent rise on the 2007 figure.
We are never happy. Let's give the banks a break - they are trying hard to protect us. Not enough for some and too much for others. Until biometric user authentication is implemented it's all down to user care to avoid cyber carelessness..and even then the cyber criminals will bite back.
Posted by: C. Coats 19 Jan 2009
While this might seem like a good and strong way to keep customers safe when banking online, it runs the risk of alienating more savvy users if it's a mandatory process. For people who keep a close eye on their bank accounts, are very familiar with phishing tactics and are therefore content with the two factor authentication, this just becomes an inconvenience.
Basically it panders to the lowest common denominator and is not ideal for everyone.
Posted by: David 09 Jan 2009
Maybe it's safer for the public's eyes, but excuse me, having access to the victim's computer, doesn't the 'hacker' also have access to the authentify.com account also?
It seems to me this, just like most of nowadays security 'improvements' are just there to fool the naive people, not for a real security purpose.
Posted by: Andrew Wiles 07 Jan 2009
Have your say on this article
Newsletters
Latest stories from Security Technology
Latest videos
You may also like
Security Technology jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
