[ISN] Banks step up security plans

InfoSec News isn at c4i.org
Mon Oct 10 00:08:27 EDT 2005


http://www.vnunet.com/computing/news/2143320/banks-step-security-plans

James Watson
Computing 
06 Oct 2005

SEVERAL UK high-street banks are expected to announce plans to
authenticate online transactions with some form of physical security
device before the end of the year.

But any such move will come in advance of publication of an industry
standard, which banking industry body Apacs had planned to release in
May, and has now pushed back to the end of the year.

Lloyds TSB will this month start trials of a "revolutionary new line
of defence in the fight against online fraud", with customers testing
a new way to log on to internet banking.

In May HSBC started a one-year rollout of security devices for its
870,000 Hong Kong customers, which industry sources regard as a
prelude to rollouts in other countries.

And earlier this year Barclaycard completed a six-month trial of a
security device (Computing, 17 March).

Any progress with so-called two-factor authentication from individual
banks will not necessarily be based on the industry-wide standard. But
Martha Bennett, research director at Forrester Research, says the
industry realises that security needs to be tightened, and some banks
feel they cannot afford to wait for the standard to arrive.

"Many of the banks are working on a two-track strategy: what's
happening with Apacs, and what they can do immediately," she said.

Bennett says several banks were set to launch products earlier this
year, but stopped when Apacs started work on a standard.

"Now they're realising that the risk is growing, and action needs to
be taken," she said.

Apacs says if its standard does not make the first phase of a
particular bank's project, it is confident it will be included in the
second phase. "The aim is not just to secure online banking, but also
about securing other online transactions," said a spokeswoman.

But not all banks are willing to go ahead without a standard:  
Barclaycard will wait to ensure interoperability between banks.

"We're looking at how to use it in the real world, in a number of
banking applications," said a spokesman for the bank.

Some 600,000 of the UK's 15 million internet banking users have
stopped banking online because of security fears, says Forrester.





More information about the ISN mailing list