Royal Bank of Scotland is the latest bank to issue card
readers to its online banking customers to help prevent
fraud.
Barclays announced a similar move last month. Royal Bank of
Scotland has signed a contract with XIRING to supply the readers,
and first customers are receiving their personal readers this
week.
XIRING Xi-Sign 4000 for Apacs is a strong
authentication system using remote card authentication technology
to secure online banking. This security solution has been defined
by the UK bank clearing association Apacs as the UK standard for
securing e-banking and e-commerce.
Xi-Sign 4000 for Apacs is a two-factor authentication solution
based on the payment EMV Chip & Pin card. It is a portable,
standalone smartcard reader that allows customers to log in to
their online bank accounts with a higher level of security.
Users insert their Chip & Pin banking card into the device,
and type in their four-digit Pin to authenticate locally with the
card. Having typed in a code provided by the bank, the reader then
displays a dynamic password generated by the card chip. This
eight-digit password is valid a single time when accessing banking
services via the web portal.
Based on the MasterCard Chip Authentication Programme, endorsed by
Visa as Dynamic Passcode Authentication, the Apacs standard uses
the EMV banking card scheme already deployed, to provide a standard
specification available to all UK banks to secure online banking
services.
Bank fraud drives adoption of two-factor
authentication >>
Barclays readers welcome but no cure-all, say
experts >>
UK banks face phishing chaos >>
Banks prepare lawsuit over TJX data breach
>>
David Lacey’s security blog >>
The latest ideas, best practices, and business issues associated
with managing security
Stuart King’s risk management blog
>>
Dealing with the operational challenges of information security and
risk management
Comment on this article:
computer.weekly@rbi.co.uk