HSBC fights phishing with authentication token

Banking giant HSBC announced on Monday that it is rolling out a two-factor authentication programme for its UK business customers.

The tokens used in the programme will be distributed to 180,000 HSBC Business Internet users in the UK from May, the company said in a statement.

Business customers will use the single-use security codes alongside their user ID and password to authenticate their online transactions.

The tokens all have slightly different algorithms that generate different numbers every thirty seconds, according to Mervyn Northam, head of Business Internet banking at HSBC. The back-end computer system tracks which code will be generated by each token depending on the time of day.

"Say your token has algorithm number 79, and it's 1305. The system will know the precise number you are on, and the numbers either side. The tokens aren't specific to certain customers when they are sent out, and each has a barcode which clients use to register the token," said Northam.
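The back-end check Northam describes, as an added example (not HSBC's or the token vendor's code). The article does not disclose the token algorithm, so RFC 4226/6238 HMAC-based codes stand in for it, the "different algorithm" per token is modelled as a per-token seed, and the `TokenBackend` class, serial numbers and seeds are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated in the article
WINDOW = 1   # accept the current number and "the numbers either side"


def code_at(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 value for one time-step counter (assumed stand-in algorithm)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TokenBackend:
    def __init__(self):
        self.seeds = {}      # serial -> per-token seed, loaded before shipping
        self.owner = {}      # serial -> user ID, set when the customer registers
        self.last_used = {}  # serial -> last accepted time-step counter

    def load_token(self, serial: str, seed: bytes) -> None:
        self.seeds[serial] = seed

    def register(self, serial: str, user_id: str) -> bool:
        # Tokens ship unassigned; the customer binds one using its barcode/serial.
        if serial not in self.seeds or serial in self.owner:
            return False
        self.owner[serial] = user_id
        return True

    def verify(self, user_id: str, serial: str, code: str, now: float) -> bool:
        if self.owner.get(serial) != user_id:
            return False
        current = int(now // STEP)
        matched = None
        for counter in range(max(0, current - WINDOW), current + WINDOW + 1):
            expected = code_at(self.seeds[serial], counter).encode()
            # Constant-time comparison; every candidate step is checked.
            if hmac.compare_digest(expected, code.encode()):
                matched = counter
        # Single use: a step at or before the last accepted one is a replay.
        if matched is None or matched <= self.last_used.get(serial, -1):
            return False
        self.last_used[serial] = matched
        return True
```

The ±1 window tolerates clock drift between token and server, while `last_used` keeps a code from being accepted twice inside that window.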

Encryption between the front-end and the back-end computer systems means that even if the front-end were compromised, no useful information could be gained by hackers, Northam claimed.

The technology has been in use in Hong Kong for a year, and has also been launched in the US. Both are smaller markets for HSBC, which makes it easier to deploy new technologies there, explained Simon Wainwright, head of business banking at HSBC.

"In the UK we have the largest business customer base, and so we had to make sure it worked first time," said Wainwright. "We're not risk averse, but we're risk cautious. Security levels have to be as high as possible without getting in the way of business."

The tokens will replace the existing HSBC system of digital certificates, where individual computers are certified and authorised for transactions.

"This will be more secure than digital certificates, which themselves are remarkably safe," said Wainwright. "A ridiculously small number of customers with digital certificates were stung by phishing scams," he added.

The head of business banking said that "the customer experience was not as good as it could be" with digital certificates because they could only be set up from one computer, while many people use multiple computers.

"Tokens will provide more access and convenience, and more mobility for our business Internet customers," said Wainwright.

Northam added there was a chance that digital certificates could be compromised to gain information, but stressed that this had never happened to an HSBC customer.

Lloyds TSB trialled two-factor authentication last year, while Alliance & Leicester will roll out its two-factor authentication product later this year.

Talkback

Once they do away with Internet Explorer only access to their banking site, then maybe they'd be a bit more risk aware.

10 Apr 06 17:32

Why all the fuss when they cause losses themselves? At their India call centres they have such a bunch of useless managers who can't even take the decision to check system errors when informed. I recently read about this and was horrified.

An employee at their Bangalore call centre recently left as even after one and a half months they did not even bother to verify his two anti-fraud recommendations. Ought to have been checked the very same day going by all the fuss they make.

If correct, HSBC could have saved millions of pounds in money, time and man-hours.
Who's going to make up - customers I suppose.

18 Sep 06 06:09

Big talk HSBC, India HSBC a cheap bank. Snatch credit, forget to block the security holes. ....How can they penalise an employee for not revealing system flaw details to a manager. Agree with you vicky, I got quite a shock.

World class HSBC throws out good guys retains, is that not what India is famous for - CORRUPTION.

We have to disconnect and redial as English of most guys in India is very bad or they simply can't understand the problem. Now we know, they have a bunch of useless managers and arse kissing Useless reps.......Cheapos

3 Oct 06 06:52

Another possible fraud by female, never investigated by HSBC seniors at Bangalore, India.

When HSBC came to know one of its female employees was security-compromised, that is she was running around with her pickup driver. He used to call her 3-4 times a day and particularly after her shift.

This when employees cannot give their number to drivers, strictly prohibited. It is known employees are compromised thru the opposite sex. Are you aware by servicing her what info of customers was passed/ leaked out.

Her name Diana (has 2 names, maiden name given in the Bank, not raised a doubt even after being informed), when this brought to the attn. of senior management, they did nothing, the Asst Vice President just expressed concern but did not lift a finger. Why waste time attitude, it's about UK right- let's go for that party....

All this took place in the UK's Bangalore Call Center. She is still moving around with the driver, albeit a bit carefully. It was never verified if anything ever happened, if details were compromised. HSBC will sing a different song and spend vast amount of its customer money if anything comes to light.

Mobile statements can be obtained, right.

Want more info to nail HSBC, mail me at: mansurrizvi@yahoo.com

20 Oct 06 12:46
