High Street banks are set to agree on a physical security device for all UK online customers to use.
This move to two-factor authentication, using physical security devices that generate a password to be used only once, could make customers more secure when banking online.
Identity theft emails, known as phishing attacks, cost banks £12m last year, according to the Association of Payment and Clearing Systems (APACS). Precise details of this two-factor device should be agreed on in May, with the banks expected to roll out devices within nine to 12 months.
"We are looking to get a UK standard for next month," said a spokesman for APACS. "We are hoping this will enable us to make rapid progress. It would also be good to get a global standard like Chip and PIN."
APACS said that Barclaycard and the high-profile bank Coutts has already issued some customers with identity devices.
Last year, former White House cybersecurity advisor Howard Schmidt urged banks to use issue customers with two-factor authentication. Schmidt is the chief security strategist of online auction eBay, which itself has yet to issue bidders with two-factor authentication devices.
Not everyone is so sure that two-factor authentication is the way forward, however. "People are selling two-factor authentication as the solution to our current identity-theft problems, but it was designed to solve the issues from 10 years ago," said security expert Bruce Schneier last month.
Talkback
"It would also be good to get a global standard like Chip and PIN."
What about Biometrics, they are being introduced into Passports. Everyone has their own ID, which can't be stolen.
Of course a biometric can be stolen. All you need to do is record the information coming out the other end of the computer with the biometric scanner. When you're asked for your fingerprint, just play that information back. Simple.
Biometrics are not the be-all and end-all.
In addition, it is actually possible to steal a fingerprint off a bottle - Charlies Angels style - although I somehow doubt they'd grow a whole hand from it.... I can't remember who did the demonstration now though.
What a load of rubbish, look steve if someone at the check in says says "put your finger here" how is playing something going to affect it? it can't now ways, they will have a system designed not to be interfered with.
"Biometrics are not the be-all and end-all."
Yes they bloddy are!!
"In addition, it is actually possible to steal a fingerprint off a bottle - Charlies Angels style"
Jesus H Christ, what kind of a security expert are you, I don't watch Charlies Angel's and for your information the fingers have to have blood flowing through them, biometric scans can be taken of the vein arrangement in ones hand.
Also blood has to be pumping through the eye for a retinal scan, unlike in the film Demolition Man with wesley snipes and Sly Stalone where he took the guys eye out and stuck it on a pen, no mate its doesn't work like that.
Samuel
I think you may have missed the point of the first paragraph of the article...the security additions are for ONLINE customers, therefore there isn't going to be anyone saying "put your finger here".
"the fingers have to have blood flowing through them".
I was unaware that blood has to be flowing through the fingers.
"biometric scans can be taken of the vein arrangement in ones hand"
"can" or must? I would imagine that if it is a cost thing then if a unit has to be supplied to customers of on-line banks for use in the home, the banks will go for the cheaper option, like the Microsoft fingerprint keyboard. However even Microsoft state "The Fingerprint Reader should not be used for protecting sensitive data such as financial information or for accessing corporate networks"
The whole security issue is about online authentication, biometrics I’d say was pretty full-proof on the ground, like in air ports. What’s so hard about having a prompt such as a text box asking the user to “place finger here now”, there are other measures such as an online keyboard but ultimately biometrics is the safest option.
The example of the vein arrangement in a hand as proof of identification is just one way, similarly when taking retinal scans the blood vessels in the eye have to be pumping.
As for the cheapest option, well of course, banks may be rolling in it but they’re tight. Chip & Pin machines break even now and I can see lots of other problems with more complex machines like biometric scanners still the first generation of cheap scanner are available e.g. Microsoft Keyboard and they will get better and cheaper.
I look to the long term, the best scenario and biometrics is it, nothing else in my mind is safer. More work has to be done to bring the quality of scanners up and to bring the price down so that computers can be sold with them much like A4 scanners are sold now.
Security with NO new gadgets for cards/internet.
OVERLORD is 100% securie authentication for all transactions, even credit card transactions, in store and internet, access internet banking and even ATM transactions.
We do it all the work, you just add a few lines of code to your transaction system.
We do NOT require the customers' Name, Alias, Address, D.O.B., SSNo., Credit Card number, account number or details of the transaction etc, so there is no introduced risk of data loss.
The OVERLORD technology will immediately DETECT and PREVENT any account hijacking, attempt to use stolen card/account or number, unauthorised logon attempts and even unauthorised transactions at ATM's with stolen or forged cards and PIN's/passwords, even if the theft has NOT been reported..
The system is at least two factor multi-level and has the capability to immediately inform you and the real account holder/user and even law enforcement/retail security, directly at the street level.
We will guarantee NO LOSSES when your customers use our technology and will indemnify your customers against loss due to ANY unauthorised transaction by credit card, debit card, ATM card, or through any internet banking, eBay or Paypal account hijacking.
We have the solution to all your problems.
We can make all financial transactions safe.
Merchants will have no chargebacks due to unauthorised or fraudulent transactions, and enjoy knowing their accounts cannot be hijacked.
Credit and ATM cards are absolutely secure even if the Card, PIN, and password, are stolen without the knowledge of the victim.
ID theft is also prevented.
There are no out of pocket costs for consumers to use the technology.
The technology will work anywhere in the world.
We can do it for a fraction of your present losses.
Choose*:
a fee per transaction,
a fee per customer,
or,
a fee based on a percentage of your present losses.
*All include indemnity for any losses by any of your customers using the technology.
No loss, lower costs and more profits.
If you are interested in making your business the safest,
please contact me.