Two-factor authentication (2FA) solutions help secure your company's digital assets from end to end.
With such effective precedents now widely in use in government and enterprise, the banking sector is establishing its own use for two- factor authentication technology.
For banks, authenticating each user at the customer-facing gateway has been a major focus since eBanking began more than 10 years ago. They continue to strive to reconcile two key issues: fast and easy access to online services, and robust security to combat the threat of phishing attacks.
These dangers can’t be taken lightly. The latest online fraud figures from the Association for Payment Clearing Services (APACS) show that card fraud losses in the UK topped £600 million in 2008. Card-notpresent fraud was up 13% on 2007, with card ID theft also up by nearly 40%. It’s this ever-present danger that is pushing authentication technology away from static forms and on to more dynamic platforms.
One system that has been successful in fighting financial eCrime is Barclays’ PINsentry, the pioneer in offline card reader-based authentication. "Phishing attacks started in the UK in late 2004," explains David Mitchell, Senior Manager, Digital Operations and Fraud at Barclays. "We saw that static credentials were no longer good enough for new thirdparty payment transactions and for new functionality we want to add to our online banking service." Barclays decided to move to dynamic authentication via a token system in 2005 after multiple trials and usability studies. "We wanted to give customers ownership of their accounts and for them to be able to make payments and access future services," says Mitchell. "With phishing attacks increasing, static credentials simply wouldn’t be strong enough to offer these future services online."
Now, all the customer needs to do is insert their standard chip-enabled bank card into the PINsentry reader and type in their PIN. They carry the device with them and can perform these secure online transactions from any personal computer.
"The system works by securing the logon using the PINsentry device to generate a one-time-only pass code," explains Mitchell. "This is a stronger authentication method than static credentials, as the code is spent once the customer has used it."
"We also ask our customers to digitally sign any third-party payments they set up online using the PINsentry device."
Customers have welcomed the use of card readers. In a survey by Mapa earlier this year, three quarters of Barclays’ customers said they now feel more confident when using online banking services.