Last week, major Australian banks gathered in Sydney with the Banking and Financial Services Ombudsman to discuss the security of online commerce in a closed-to-media event organised by the ABA.
The issue of two-factor authentication, which requires two forms of identification, was a major talking point throughout the conference, attendees told ZDNet Australia. National Australia Bank and Bendigo Bank currently offer such security to customers, utilising SMS and password tokens as additional protective measures.
The added layers are meant to combat a continued rise in phishing and cybercrime attempts on bank customers. Some Australian banks have fallen victim to copycat Web sites whereby phishers record the login details of unsuspecting clients.
Microsoft chief security adviser Peter Watson, who attended the conference, said there was concern at consumers' reluctance to conduct transactions online due to the perceived risks.
"They now recognise it's a credibility issue," he said of the banks. "It affects their ability to take more transactions to their customers. It's causing banks costs."
ABA members had realised they were increasingly dependent on the security levels of their customers, according to Watson.
"The banks are almost at a brick wall [stage] with security," he said.
"No matter what we do in terms of ramping up internal security, if consumers don't have the technology to allow [improvements] to occur, there's no point."
Whether two-factor authentication will be adopted industry-wide is unclear, however.
"There was discussion ... as to whether they should go down an individual or industry approach," Watson said.
While some banks have adopted such a system, there was some support for an industry approach, according to Watson.
The possibility of standards development for two-factor authentication was one reason.
The ABA was looking for a strategic, rather than tactical, solution, he said. "There's no point in the banking sector going and addressing two-factor without the support of ISPs and major retail sites."
The conference concluded without major agreement on the way forward. Watson said whether banks will implement their own defences or follow an industry approach remained unresolved.
Another conference presenter, Peter Cassidy, secretary general of the Anti-Phishing Working Group, said mandating two-factor authentication has to be approached with care.
"Saying two-factor is 'it' excludes a number of other approaches that may also be effective," Cassidy told ZDNet Australia.
He expressed confidence that an improved security system would eventually be commonplace across the financial industry.
"Some kind of multi-factor [system] will come forward," he said. "It's on the cards everywhere."