Barclays secures selected few

UK bank tightens online security for half a million customers

High-street bank Barclays will issue half a million of its internet banking customers with a handheld security device later this year, backtracking on earlier plans to provide all online users with two-factor authentication.

The bank will provide standalone chip-and-PIN devices to customers transacting online with third parties to improve security and combat identity theft.

But Barclays told Computing last year that it planned to issue all online banking customers with two-factor authentication card readers (Computing, 3 August).

Barnaby Davis, director of online banking at Barclays, says customers making third-party payments have been identified as needing stronger security.

‘The customers to receive card readers are those actively setting up new payments, our premier customers and small business customers,’ said Davis.

‘We do not plan to issue readers to every customer, but if customers want readers in future they can request them.’

Davis says future security policy may involve different levels of authentication depending on individual customer’s needs.

‘I envisage a scenario where you do not have to issue card readers to every customer because those just logging on to view their accounts, for example, do not need that level of security,’ he said.

Barclays has chosen PINsentry card readers from vendor Gemalto, which will read the chip on a customer’s bank card and provide a one-time password to enter the online banking portal.

The device has been designed to UK banking industry body Apacs’s card reader industry standard established last year, which has been incorporated into an international standard.

Rival bank Alliance & Leicester experienced a 22 per cent increase in active online current accounts when it introduced two-factor authentication technology in March 2006.

Graham Titterington, Ovum prinicipal analyst, says tight online security will become a competitive differentiator in the banking sector, but a full-scale rollout to all Barclays’ customers may need to be balanced against cost and where the need for reinforced security is greatest.

‘Card readers cost between £10 and £20 each and the people most at risk of internet banking fraud are those transacting with third parties,’ said Titterington.