Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information Security Agency (Enisa).

The agency launched a paper on Thursday detailing the risks of using electronic identification smartcards for online banking services. A number of European countries have proposed the use of ID smartcards for online transactions. The Enisa paper points out which risks need to be mitigated for those transactions to be acceptably safe.

Enisa spokesman Ulf Bergstrom told ZDNet UK on Thursday that human and technology aspects are "intrinsically linked". However, in terms of processes, Enisa said that governments and banks need to cooperate more closely for smartcard authentication to work.

"The biggest room for technical improvement which we underline is that banks and governments must cooperate better to be able to use national eID cards for banking purposes," said Bergstrom.

Risks include flaws in smartcard design and cryptography, vulnerabilities in the user's PC, weaknesses in authentication architecture, weaknesses in infrastructure, and lack of user awareness.