Bank customers embrace two-factor authentication
By Rene Millman,
Over 90 per cent of bank account holders want to use two-factor authentication for online banking, according to new survey findings.
The study carried out by IT security company RSA Security, found that 91 per cent of bank customers are willing to start using a new authentication method, beyond the standard 'username-and-password', if their banks decided to offer stronger security.
The results from the company's fourth annual Financial Institution Consumer Online Fraud Survey found that 69 per cent of respondents believed that financial institutions should replace username-and-password log-in with stronger authentication for online banking.
The survey of 1,678 adults from eight countries found that 58 per cent of banking customers wanted their bank to deploy stronger authentication for telephone banking.
Phishing emails continue to erode confidence in receiving emails from banks. 82 per cent of account holders are less likely to respond to an email from their bank because of such scams - up from 79 per cent in 2005 and 70 per cent in 2004 - and more than half said that they would be less likely to sign-up for or use online banking as a result.
Another 44 per cent of people said that they have become increasingly concerned about other security issues such as trojans and keyloggers over the last six months.
Chris Young, vice president and general manager of Consumer Solutions at RSA Security said that the banking industry and the market in general are moving in the right direction.
"More than 90 per cent of consumers are now willing to use stronger security when it's deployed, and this is something that banks should take into consideration when looking to accelerate their business," he said.
Donal Casey, a security consultant with Morse said that with so much competition, banks can no longer rely solely on education to convince customers to give online banking another go. He said that the industry should follow Alliance and Leicester and Lloyds TSB banks and offer customers two-factor authentication.
"This will help to prove customer identity and reassure customers that they are logging into the bank's genuine online banking website - addressing two of the biggest security concerns of both banks and customers alike," said Casey. "Only by taking such steps, can banks hope to eradicate misconceptions and beat cyber crime."
Other experts said that mounting pressure from consumers is forcing banks to seriously counter threats from criminals on the internet, but giving customers key fobs with one-time passcodes isn't the only solution.
"Banks must act now to lead the fight against fraud. Mobile phone authentication is only one of a number of available options, it is an attractive solution to combating fraud," said Paul Meadowcroft, head of transactions security at Thales e-Security.
"SIM cards are the largest application of smart card technology in the world so there is value in harnessing their growing processing power to perform other tasks such as identity authentication," he said.
Others think that costs will be a major factor in the deployment of tokens for bank customers.
"Fingerprint biometrics for example is a cost effective way to add a 'factor' to the authentication process," said George Skaff, vice president of DigitalPersona. "In addition, biometric systems can replace non-secure passwords that are used by the users or bank employees, which add convenience and savings for the IT support teams within the banks."
He said that fingerprint biometrics also works very well for home internet users that are willing to pay for the relatively low cost reader and accompanying software needed to use it."
He said that people in the US and Europe are reluctant to use biometrics and so people have to have their perceptions changed in order to accept the technology as most people still believe biometrics to be an invasion of privacy.
He said that people must start to realise that fingerprint systems only capture mathematical representations of fingerprints and not the fingerprints themselves. He said there would soon be an abundance of fingerprint readers available in everyday technology such as computers, cell phones and PDAs.
Some thought that two factor authentication would not solve the problem of proving the identity of the company that the consumer is dealing with.
Many companies, particularly financial institutions, still operate on the age old model of asking the customer to prove their credentials - where two-factor is a big improvement - but not proving theirs (the bank's) to the customer," said Simon Perry, Security Strategy vice president at software firm CA. "This is what phishing and ID theft relies upon, to really overcome these issues there needs to be a form of two-way authentication."
advertisement
Latest Security Features
The continued curse of cybersquatting
For some, it’s a problem confined to the early days of the Internet. But current figures suggest that the cybersquatting problem is, if anything, growing.
- Where next for Microsoft, Yahoo and Google?
- Top 10 mobile features of 2009
- Top 10 security predictions for 2009
- Top 10 reviews of 2008
- The year in IT news
- Top 10 security stories of 2008
- Top 10 business phones of 2008
- 15 tech charities that need your help
- PCI's Bob Russo: Data loss hurts brand more than a fine
Latest Security Reviews
Fujitsu Siemens FibreCAT SX80 iSCSI
Rating: 
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
PlayPart two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?