First Directis helping overcome
customer fears of phishing attacks through technology that tells
customers whether they are on the genuine site or not.
First Direct, which is HSBC's online banking division, has
implemented a digital security certificate from
Verisign that will prevent customers from being coaxed into
phishing websites.
Phishing is the practice used by fraudsters who recreate an
online banking website and steal the personal log-in details from
victims.
The Verisign Extended Validation secure socket layer
certificates will inform users of the Internet Explorer version 7.0
web browsers whether they are on the legitimate First Direct site
or not.
Jonathan Etheridge, head of e-futures at First Direct, said this
method of security does not change the user experience. "The
certificate sits on the web server that does the online banking and
when a user is on the genuine site a green bar appears but if it is
not legitimate a red bar appears," said Etheridge.
He said web browsers such as Opera and Firefox will support the
security feature in the future.
He said this system is a good way of providing security without
inconveniencing the users. "The key is to make it as difficult as
possible for the attacker but not inconvenient for the customer,"
he said.
He said First Direct has taken an approach of introducing lots
of different security measures that do not make the user experience
more difficult. "Two-factor authentication is not the be all and
end all. We have put lots of barriers in that the customer does not
see."