SINGAPORE--One of the biggest challenges in Internet banking is finding the balance between security and convenience, said an Oracle executive.
Hosting a media roundtable here Wednesday, Roman Tuma, Oracle's regional director for security and identity management solutions, noted that consumers do recognize two-factor authentication--through a hardware token--is a necessary security layer. However, most find it troublesome and are shunning online banking because of the added inconvenience, he said.
Detailing figures from an IDC Financial Insights survey published in October 2007, Tuma said 82 percent of consumers surveyed understood the purpose of bank-issued tokens. However, 74.3 percent said the token was "troublesome" and as a result, some 38 percent said they used online banking less often.
Beyond issues about the added inconvenience, Tuma noted that two-factor technology does not provide a sufficient security level.
"With Internet banking, once you pass the login page, the site trusts you. But the world is looking for something more," he said.
Tuma explained that monitoring a customer's transaction behavior after he has logged in, is the next level of security that banks need to implement.
User activity is measured against factors such as the customer's location, the type of device used, and unusual activity. The information is then logged and sent to network administrators if alarm bells need to be triggered.
Other forms of authentication banks should deploy include adding extra layers of security on top of existing login pages. These could complement methods such as preventing mouseclick logging by randomizing the placement of the login box, Tuma said.
In Singapore, two-factor authentication use has been mandated by the Monetary Authority of Singapore (MAS) since December 2006.