HSBC questions online security tool

Bank has seen online takeup without need for extra security

The Apacs card reader: will not necessarily be adopted by HSBC

Efforts to standardise online banking security could be undermined by HSBC’s refusal to adopt two-factor authentication for access to its web accounts.

Some high-street rivals have explicitly linked growth in online banking with improvement in security procedures.

But figures from HSBC last week show a 55 per cent rise in online customers last year without any extra safety measures. The firm is now questioning the need for investment in industry body Apacs’s standard card reader.

The surge in take-up proves customers already feel safe on the internet, says HSBC head of e-commerce Alison Leonard.

‘This is an unprecedented jump and clearly people are confident to bank online,’ she said.

‘Today’s industry standard is not necessarily tomorrow’s, and nobody in the retail customer base is actually interested in two-factor authentication in any meaningful sense.’

HSBC is the only bank actively resisting the introduction of two-factor technology. Barclays and Royal Bank of Scotland are rolling out the Apacs card reader, and Alliance & Leicester and Lloyds TSB are both testing their own versions of the concept.

Alliance & Leicester reported a 22 per cent growth in web-based current accounts in the six months following its introduction of the card reader technology.

HSBC says it prefers to work on educating customers and monitoring back-end transactions, though it does offer two-factor authentication to some commercial customers.

Apacs claims its model was always optional.

‘There might be some banks who do not go down that route for some time because they are using other methods,’ said a spokeswoman.