Abbey wary of two-factor authentication

25 Mar 2008

Comments: 5

A Computing logo
Abbey's customers reject two-factor authentication devices

Financial services group Abbey says its customers do not see the need for two-factor authentication devices as the technology represents too much hassle.

A study carried out by the bank with 1000 customers found that only 32 per cent of customers want the chip-and-PIN-style authentication devices.


And despite the apparent concerns for online security, only 30 per cent of Abbey’s clients welcomed more security questions.

"People want security with the least hassle. Finding customer-friendly ways to protect people and their accounts is key," said Abbey’s director of financial crime Neil Wilson.

"Ongoing monitoring is one of the most important factors in preventing card fraud," he said.

The survey results follow Abbey’s decision to join HSBC in opting out of two-factor authentication schemes, which are intended to tackle fraud committed in cases where the cardholder is not present, such as online shopping.

Barclays, Lloyds TSB, Nationwide and Royal Bank of Scotland (RBS) all have two-factor systems that give customers automatically-generated one-time passcodes, to use in conjunction with the password they already know.

The problem with two-factor schemes is their impracticality, said EA Consulting Group director Robin Bearne.

“The fact that each issuer of cards will use a different authentication device means that a customer with three cards could end up with three different devices in their pockets,” he said.

Privacy firm Garlik’s chief executive Tom Ilube said that people are concerned, but are not prepared to do anything about it.

“Customers prioritise speed and convenience over security, so if a new gadget or application gets in the way, they will not use it.”

Reader comments

Why is a physical item required to generate passcode?

There is a solution I have seen from Data Select that takes the functionality of the security token and dongle and puts it on the user's mobile phone. Why don't these banks offer that, as everyone has a mobile phone nowadays?

Posted by: Richard Abel  16 Jul 2008

A Hassle? Are You Kidding?

I don't get it. All too often do short-sighted executives think they "know" what their customers want. If this is true, however, and their people find Two Factor Authentication a hassle, then these people deserve everything they get should they be unfortunate to become victims of identity theft and have their money stolen. I don't like forcing things on the consumer but in this case it's for their protection.

Posted by: Scott  25 May 2008

I think outsourcing is just everywhere and not only in one

I think outsourcing is just everywhere and not only in one country or region

Posted by: tinasilvee  03 Apr 2008

I disagree with Mr. Robin Bearne

I disagree with Mr. Robin Bearne. The fact that he is probably not well informed about the two-factor authentication solutions out there does not make strong authentication impractical.

He claims that two-factor authentication is impractical because each issuer uses a different authentication device. Have you heard of PayPal/eBay's security key? You can use the same security device for both accounts.

What is more interesting is that you can use the same physical device with any other account that is part of the VeriSign Identity Protection Network.

I use it to protect my eBay, PayPal and OpenID accounts. I can't wait for the day when the small credit union I use starts providing strong authentication.

Posted by: Slave Jovanovski  01 Apr 2008

added security that works and is simple

One of the major South African banks has a system in place for certain types of internet-banking transactions where a system-defined password (continually changed) is sent in real-time to the client's registered mobile number; this number has to then be inputted for the transaction to be authorised. The system has a number of safeguards in that the user requires the banking account user-name & password, the mobile phone registered on the client's bank profile

Posted by: trevor grantham  27 Mar 2008
