While one of the leading banks has decided to trial two-factor authentication for online payments, other are being more cautious. Barclays plan to trial a two-factor authentication device for Internet payments based on the standard template for debit cards that was recently proposed by the Association of Payment and Clearing Systems (APACS) next year, the bank said this week.
The Barclays' move follows the announcement by Lloyds TSB last week that it was trialling an online payment system based on smart tokens.
"We will be undertaking larger-scale pilots next year based on Chip-and-PIN technology utilising a card reader and the customers debit card," David Mitchell, director of electronic banking for Barclays, said in a statement.
MasterCard Barclaycard was involved in a credit card chip and pin trial earlier this year, called the Chip Authentication Programme. "The trial targeted approximately 5000 MasterCard Barclaycard cardholders using their chip cards and a handheld reader to authenticate themselves for Internet payment," Mitchell said.
That device worked when the customer inserting their card into a reader and then entering their normal PIN, used at the point of sale or cash point, Mitchell said. The card validated the PIN and produced a one-time number which is displayed on the reader and can be verified by the card issuer's system. The customer is able to enter the number on the Internet, over the phone or use it to logon to Internet or telephone banking, Mitchell said.
NatWest, however, has no plans to trial a consumer chip and pin reader. "NatWest has no current plans to change our existing procedures," a spokesperson for the company said. This is because NatWest believes its existing online procedures are "robust". NatWest are also, however, "working closely with APACS on the authentication standard".
APACS last year reported UK losses to online fraud across the banking industry as being £12m.
"The strategic authentication device for the UK industry is based on Chip-and-PIN technology which in itself is relatively new," said Barclays' Mitchell. "The industry standard chip algorithm for authentication has already been agreed and we are working with APACS on the card reader standard which should be agreed shortly."
NatWest stands by the view that its authentication is strong enough already. "We have every confidence in the procedures we have at the moment. Our procedures are strong and very secure," the spokesperson said. "You can usually find statistics for any argument."