Barclays is to offer its banking customers an
interoperable card reader by the end of this year or early 2007 as
part of efforts to strengthen its online security.
The card reader for online transactions will be based on the
recently established standard from the Association for Payment
Clearing Services. It will enable more secure money transfers for
customers by generating a unique authentication code for each
transaction when a chip and Pin debit or credit card is
inserted.
Barclays is the first high street bank to put a timetable on its
plans to deploy card readers, although it said it remained open to
taking another approach should a better alternative present
itself.
Ian Morgan, Barclays' head of channel development for electronic
banking, said that, at this stage, the card reader was the bank's
preferred two-factor authentication device.
Other options include the Vasco smart tokens being trialled by
Lloyds TSB, and Alliance & Leicester's two-way, two-factor web
security offering from Passmark Security.
"The era of static log-on credentials is coming to an end," said
Morgan. "We engaged with Apacs during its consultation over the
card reader standard and are very likely to progress with this on
the basis that it offers the strongest front-end security."
Barclays has rolled out a behind-the-scenes
transaction-monitoring system from RSA Security designed to cut
online fraud. RSA Cyota Transaction Monitoring works in real time,
analysing and scoring all online banking transactions according to
the risk they pose.
The bank can then decide how to handle high-risk transactions,
either by blocking them or by conducting a manual review and
seeking further identification from the user.
The system also provides a second factor of transparent
authentication by examining the IP address, user and device
profiles associated with the transaction.
Morgan said the bank's fraud team, which has been enlarged to
scrutinise all the transactions flagged by the system, was paying
particular attention to payments between different customer
accounts at Barclays, as it was this type of transaction where
fraud was most likely to occur.
"We were warned it would not be an immediate panacea, but in the
three weeks or so we have been using it we have already seen
tangible benefits," he said.
Read article:
Barclays boosts risk management
Read article:
Limits of token gestures