HSBC is to roll out two-factor authentication to its
business customers for online banking. It is the first UK bank to
announce such a move.
Two-factor authentication is any identifying protocol that
requires two independent ways to establish someone's identity and
access privileges.
HSBC plans to issue 180,000 business customers with Vasco secure
tokens between May and the end of July, following deployments in
the US and Hong Kong.
The tokens will replace an existing security system based on
digital certificates, following complaints from some customers that
it was difficult to use.
"We have had quasi-two-factor authentication on business banking
using digital certificates since we launched four years ago. From
an anti-fraud point of view, it is fantastic, but from a usability
view, it has not been as good," said Mervyn Northam, head of
business internet banking at HSBC.
The keyring-sized tokens will help to protect customers from
online fraud, including phishing, keylogger Trojans, hacking and
screen capture, the bank said.
Northam said the main challenge in installing the system was not
technical, but creating mechanisms to communicate with customers
and to deal with enquiries.
The bank believes that more secure access will encourage
customers who have left their online accounts dormant to start
using them again.
Mobile offer
HSBC and First Direct have become the first banks to offer
customers the ability to check their balances and view
mini-statements using their mobile phones. The service, Monilink,
was developed by cash machine operator Link and IT services firm
Morse.