Banks nearing agreement on Web security

Online banking customers could soon be given password-generating tokens in a bid to secure transactions
Written by Dan Ilett, Contributor

High Street banks are set to agree on a physical security device for all UK online customers to use.

This move to two-factor authentication, using physical security devices that generate a password to be used only once, could make customers more secure when banking online.

Identity theft emails, known as phishing attacks, cost banks £12m last year, according to the Association of Payment and Clearing Systems (APACS). Precise details of this two-factor device should be agreed on in May, with the banks expected to roll out devices within nine to 12 months.

"We are looking to get a UK standard for next month," said a spokesman for APACS. "We are hoping this will enable us to make rapid progress. It would also be good to get a global standard like Chip and PIN."

APACS said that Barclaycard and the high-profile bank Coutts has already issued some customers with identity devices.

Last year, former White House cybersecurity advisor Howard Schmidt urged banks to use issue customers with two-factor authentication. Schmidt is the chief security strategist of online auction eBay, which itself has yet to issue bidders with two-factor authentication devices.

Not everyone is so sure that two-factor authentication is the way forward, however. "People are selling two-factor authentication as the solution to our current identity-theft problems, but it was designed to solve the issues from 10 years ago," said security expert Bruce Schneier last month.

Editorial standards