Banks in the US and Europe will offer online customers
two-factor authentication using smart tokens within a year, RSA
Security predicted last week.
Two-factor authentication requires users to provide two pieces
of security data. RSA said consumers would use a single smart token
- a smartcard that slots into a PC and generates a one-time
passcode - to verify their identities to retail websites, banking
sites, telephone sales services and cash machines.
The news came as RSA unveiled plans to launch a managed service
that will make it easier for retailers and online banks to roll out
two-factor authentication to their customers.
The service, which will be piloted this year before being
released commercially, will allow customers of internet bank and
retail websites to gain access to multiple sites using a single
smart token.
The service, which offers better protection than websites
protected by passwords, has been tested by companies including
E*Trade Financial and Yahoo.
Banks and financial services companies are interested in the
service as a potential solution to the problem of phishing, which
cost banks in the UK an estimated £45m last year.
"For more than 20 years two-factor authentication has been a
prerequisite for accessing cash at an ATM, yet we still depend on
passwords to gain access to online resources," said Howard Schmidt,
chief security officer at eBay. "I expect to see more strong
authentication deployed to bolster existing security measures."
The announcement follows the launch last year of AOL’s secure
identification service.