Alliance & Leicester last week raised the bar for
online banking security with the launch of two-factor, two-way
authentication for all its internet banking customers.
Rather than relying on a separate hardware token, such as the
Vasco smart token that is being trialled by Lloyds TSB, Alliance
& Leicester has used Passmark Security software to add another
layer of security to its website. The same system was adopted by
Bank of America 10 months ago.
The bank is the first in the UK to offer two-factor
authentication to all its online customers.
The technology works by using a customer's PC or handheld device
as the second-factor hardware device. Technology from Passmark
takes a "fingerprint" of a customer's computer to verify
identification, using HTTP headers, software configurations,
hardware settings, IP address and geographic location.
Customers registering for the service choose a picture, write a
phrase and pose a challenge question to help authenticate the bank
to them. To use the service, they enter a log-in name and see the
picture and their phrase, confirming they have reached Alliance
& Leicester's site, and a password gives them access.
Phil Cracknell, a security expert at Capgemini, said the move
was welcome, because it relied on local security but required
nothing extra to be carried around by customers.
"The obvious risk is that if a registered laptop was stolen,
that extra line of defence is gone, but that still leaves the usual
security measures in place. It is just enough to make things more
complex and difficult for fraudsters."