Picture of Peter Cassidy
Cassidy: Banks do not compete on security

RBS begins two-factor authentication support

Bank will give customers card-reading devices to defend against phishing

Written by Tom Young

Computing, 10 May 2007

Royal Bank of Scotland (RBS) is to issue two-factor authentication card readers to its online customers this week.

The devices will protect against phishing attacks by providing a different password every time a customer logs on.

‘We will initially supply this enhanced security to business and personal customers who use e-banking to make frequent transfers or payments,’ an RBS spokesman told Computing.

The bank will then assess the technology’s success and roll it out to other customers.

The card readers, from vendor Xiring, are the size of a calculator and will be free of charge for customers who want them.

Barclays announced last month that it will start issuing similar devices later this year, while Alliance & Leicester has its own picture-based, two-factor systems in place. Lloyds TSB is testing a keyring-based system, but has not ruled out card readers as an eventual solution.

UK banking association Apacs defined the card readers as the UK standard for securing e-banking and e-commerce, despite the reticence of some banks.

Brendan Pickering, head of fraud technology at HSBC, says the system is unlikely to resolve fraud and security problems.

And George Hazell, information security manager at Alliance & Leicester, says the bank is uncomfortable with the practicality of a card reader, but would follow suit if the devices are adopted as the industry standard.

Two-factor is considered an effective defence against phishing, but is vulnerable to more sophisticated hacking attacks. Last year, US bank Citibank had its two-factor model cracked by a man-in-the-middle attack where a criminal sits between the user and their bank.

Banks have been criticised for using two-factor authentication as nothing more than a marketing device. But Peter Cassidy, from industry body the Anti-Phishing Working Group, says this attitude is unhelpful.

‘Phishing is low-tech and putting anything between the phisher and his goal is useful,’ he said. ‘Banks all face the same adversaries and it is an unspoken rule that they do not compete on security technology.’

reader comments

related articles

Two-factor buoys confidence

Introduction of two-factor authentication technology sees rise in customer transactions 02 Nov 2006

 

Experts rubbish two-factor authentication

Technology will not cut phishing, e-Crime Congress hears 27 Mar 2007

Pointsec adds two-factor authentication

Stronger encryption software for laptops and desktops 31 Oct 2006

RSA changes tack on two-factor authentication

Two-factor alone is no longer enough 24 Apr 2007

Abbey wary of two-factor authentication

Bank decides against password verification devices because customers consider them a hassle 25 Mar 2008

Finance

Barclays claims zero online fraud

The bank credits the absence of online crime to the introduction of two-factor authentication devices 16 Jul 2008

Industry lays into 3-D Secure

Verified by Visa and MasterCard SecureCode are flawed, say experts 11 Apr 2008

related whitepapers

today's top stories

Management

IT's stock is soaring at the LSE

London Stock Exchange IT chief David Lester explains to Angelica Mari how the integration of Borsa Italiana is keeping his team busy, despite the worsening economy 20 Nov 2008

Management

Keeping IT in fashion

John Bovill has been hooked on retail since his early years as a fashion market trader. His industry knowledge is now helping him build a slick IT operation, reports Charlotte Moore 20 Nov 2008

Management

Cutting-edge IT delivers the goods

Chief technology officer Jay Bregman explains how constant innovation is part and parcel of his strategy for delivering competitive advantage at eCourier 20 Nov 2008

Management

Computing podcast: Europol's data sharing woes; credit card protection at Cotton Traders

The pan-European fight against organised crime is undermined by lax data sharing arrangements; and Cotton Traders enhances its credit card protection 20 Nov 2008

Management

Keeping IT on track

Catherine Doran, winner of Computing’s IT Leader of the Year award, tells Angelica Mari of her determination to drive on with technology-led transformation at Network Rail despite uncertainty over funding 19 Nov 2008

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Will attempts to rebrand IT as a "cool" choice of profession increase the number of IT graduates?

Will attempts to rebrand IT as a "cool" choice of profession increase the number of IT graduates?

Can brand building reverse a decline in IT graduate numbers?

Previous poll results

> More polls

Latest audio and video articles

Video

The definitive guide to converged communications

Five key trends and five best practice tips to help you improve your corporate communications 20 Nov 2008

PodcastAudio

Computing podcast: Europol's data sharing woes; credit card protection at Cotton Traders

The pan-European fight against organised crime is undermined by lax data sharing arrangements; and Cotton Traders enhances its credit card protection 20 Nov 2008

> More audio and video

Latest in-depth articles

StarFeatures

Retaining the stars of IT

Jim Mortleman investigates the innovative techniques IT leaders are using to hang on to their star performers 20 Nov 2008

Dave BaileyComment

Clouds darken outlook for Vista's successor

Windows 7 looks like being an improvement on Vista, but economic and environmental concerns may mean few enterprises will rush to adopt it 20 Nov 2008

> More in depth articles

Advertisement

Primary Navigation