Microsoft: Two-factor authentication would thwart phishers

Microsoft IT Forum: Banks are investigating whether they should force their customers to supply more identification, says Microsoft's head security strategist

Banks are looking to bring down the number of phishing attacks by adopting two-factor authentication, which would force their users to produce two forms of identification, Microsoft said on Tuesday.

The software giant's chief security strategist, Scott Charney, said that companies had failed to adopt the technology as fast as he would have liked.

"We haven't had as much adoption as you would hope for," said Charney. "A lot of solutions for two-factor authentication are for enterprise spaces. If you get two-factor authentication to the consumer level, you reduce the phishing threat."

Phishing attacks are identity theft emails that are written to look as if they were sent from legitimate organisations. Companies such as eBay and PayPal and many of the UK's high street banks have seen their customers targeted by the fraudsters behind such scams.

Earlier this year, the National Hi-Tech Crime Unit estimated that identity fraud accounted for the majority of high-tech crime, which was thought to be worth billions of pounds per year.

"Banks are looking at [two-factor authentication]," Charney added. "The real issue is the consumer acceptance. This kind of security when implemented is not often viewed as friendly. There is a challenge in how you communicate this."

Earlier this month Howard Schmidt, former cybersecurity advisor to the White House, called for companies to implement two-factor authentication. He said that the technology was already available and that people had to supply more credentials for Internet transactions.

But the Association for Payment Clearing Services (APACS), which represents the banking industry, said on Wednesday that no decisions have been taken to go ahead with two-factor despite the rise in phishing attacks.

"The fact is it's a massive undertaking," said Tom Salmond, a managing consultant in the e-banking fraud liaison group at APACS. "It's under active consideration, but no decisions have been made at this time."

Richard Clarke, another former cybersecurity advisor to the White House, said earlier this month that online banking transactions cost just half of 1 percent of a physical transaction.