25 Mar 2008
Financial services group Abbey says its customers do not see the need for two-factor authentication devices as the technology represents too much hassle.
A study carried out by the bank with 1000 customers found that only 32 per cent of customers want the chip-and-PIN-style authentication devices.
And despite the apparent concerns for online security, only 30 per cent of Abbey’s clients welcomed more security questions.
"People want security with the least hassle. Finding customer-friendly ways to protect people and their accounts is key," said Abbey’s director of financial crime Neil Wilson.
"Ongoing monitoring is one of the most important factors in preventing card fraud," he said.
The survey results follow Abbey’s decision to join HSBC in opting out of two-factor authentication schemes, which are intended to tackle fraud committed in cases where the cardholder is not present, such as online shopping.
Barclays, Lloyds TSB, Nationwide and Royal Bank of Scotland (RBS) all have two-factor systems that give customers automatically-generated one-time passcodes, to use in conjunction with the password they already know.
The problem with two-factor schemes is their impracticality, said EA Consulting Group director Robin Bearne.
“The fact that each issuer of cards will use a different authentication device means that a customer with three cards could end up with three different devices in their pockets,” he said.
Privacy firm Garlik’s chief executive Tom Ilube said that people are concerned, but are not prepared to do anything about it.
“Customers prioritise speed and convenience over security, so if a new gadget or application gets in the way, they will not use it.”
There is a solution I have seen from Data Select that takes the functionality of the security token and dongle and puts it on the user's mobile phone, why don't these banks offer that as everyone has a mobile phone nowadays?
Posted by: Richard Abel 16 Jul 2008
I don't get it. All to often do short sided executives think they "know" what their customers want. If this is true however and their people find Two Factor Authentication a hassle, then these people deserve everything they get should they be unfortunate to become victims of identity theft and have their money stolen. I don't like forcing things on the consumer but in this case it's for their protection.
Posted by: Scott 25 May 2008
I disagree with Mr. Robin Bearne. The fact that he is probably not well informed about the two-factor authentication solutions out there, does not make strong authentication impractical.
He claims that two-factor authentication is impractical because each issuer uses a different authentication device. Have you heard of PayPal/eBay's security key? You can use the same security device for both accounts.
What is more interesting is that you can use the same physical device with any other account that is part of the VeriSign Identity Protection Network.
I use it to protect my eBay, PayPal and openID account. I can't wait for the day when the small credit union I use starts providing strong authentication.
Posted by: Slave Jovanovski 01 Apr 2008
one of the major South African banks has a system in place for certain types of internet-banking transactions where a system-defined password (continually changed) is sent in real-time to the client's registered mobile number; this number has to then be inputted for the transaction to be authorised. The system has a number of safeguards in that the user requires the banking account user-name & password, the mobile phone registered on the clients' bank profile
Posted by: trevor grantham 27 Mar 2008
Have your say on this article
Newsletters
Latest stories from Finance and Reporting
Latest videos
You may also like
Finance and Reporting jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
