HSBCis developing an alternative form
of security authentication after deciding the standardtwo-factorsystem was not
customer-friendly enough.
HSBC's "out of band" system relies on the customer's phone to
keep their account secure. When making a payment, a pop-up appears
asking which phone number they want to be contacted on and
containing a Pin number generated by the computer. HSBC will then
ring them and ask them for this number.
The standard two-factor system, backed by industry body
Apacs, requires customers to carry a card reader, which they
insert their debit card into when making a payment. The reader then
comes up with an eight-digit password, which they use to confirm
the transaction on-screen when prompted.
HSBC is in the preliminary stages of testing the system, but it
is not yet being trialled with customers. It hopes to roll it out
within a year.
"The
two-factor system works for our business customers," said
personal internet banking manager Nick Staib, "because more than
one employee often needs access to the business accounts. They can
keep a card-reading device in a drawer.
"But retail banking customers do not want to carry this device
around, and are likely to make transactions in various different
places."
The out of band system also offers better security, said
Staib.
"With the card reader system, a hacker can still take control of
the computer no matter how the password is generated.
"We are working on the basis that there is no way for them to
take control of your phone. Plus, someone in another country cannot
pretend to be you, because they are not on the end of your home
phone."
Online banking fraud jumped 44% in 2006, and banks are
attempting to keep up with hackers, who are constantly finding new
ways around security systems. Most other high street banks are
rolling out the two-factor system.