April 14, 2005 12:22 PM PDT
British banks to provide extra Web security
- Related Stories
Bigger phishes ready to spawnApril 13, 2005
Schmidt: More cops needed for high-tech beatApril 6, 2005
Expert: Better ID checks won't beat fraudMarch 15, 2005
E*Trade adopts additional security for tradersMarch 1, 2005
Finding a replacement for passwordsFebruary 23, 2005
Password imperfectDecember 9, 2004
This move to two-factor authentication could make customers more secure when banking online. Such systems use a physical security device that generates a password to be used only once.
Identity theft e-mails, known as phishing attacks, cost U.K. banks $22.6 million last year, according to the Association of Payment and Clearing Systems, which represents the British banking industry.
Precise details of the two-factor device should be agreed upon in May, with the banks expected to roll out devices within nine to 12 months.
"We are looking to get a U.K. standard for next month," said an APACS representative. "We are hoping this will enable us to make rapid progress. It would also be good to get a global standard."
APACS said that credit card issuer Barclaycard and the high-profile bank Coutts have already issued some customers identity devices.
Last year, former White House cybersecurity adviser Howard Schmidt urged banks to use issue customers with two-factor authentication. Schmidt is the chief security strategist of online auction eBay, which itself has yet to issue bidders two-factor authentication devices.
Not everyone is so sure that two-factor authentication is the way forward, however. "People are selling two-factor authentication as the solution to our current identity theft problems, but it was designed to solve the issues from 10 years ago," security expert Bruce Schneier said last month.
Dan Ilett of ZDNet UK reported from London.