Barclays to increase security with card readers for online customers

Barclays is to offer its banking customers an interoperable card reader by the end of this year or early 2007 as part of efforts to strengthen its online security.

Barclays is to offer its banking customers an interoperable card reader by the end of this year or early 2007 as...

part of efforts to strengthen its online security.

The card reader for online transactions will be based on the recently established standard from the Association for Payment Clearing Services. It will enable more secure money transfers for customers by generating a unique authentication code for each transaction when a chip and Pin debit or credit card is inserted.

Barclays is the first high street bank to put a timetable on its plans to deploy card readers, although it said it remained open to taking another approach should a better alternative present itself.

Ian Morgan, Barclays' head of channel development for electronic banking, said that, at this stage, the card reader was the bank's preferred two-factor authentication device.

Other options include the Vasco smart tokens being trialled by Lloyds TSB, and Alliance & Leicester's two-way, two-factor web security offering from Passmark Security.

"The era of static log-on credentials is coming to an end," said Morgan. "We engaged with Apacs during its consultation over the card reader standard and are very likely to progress with this on the basis that it offers the strongest front-end security."

Barclays has rolled out a behind-the-scenes transaction-monitoring system from RSA Security designed to cut online fraud. RSA Cyota Transaction Monitoring works in real time, analysing and scoring all online banking transactions according to the risk they pose.

The bank can then decide how to handle high-risk transactions, either by blocking them or by conducting a manual review and seeking further identification from the user.

The system also provides a second factor of transparent authentication by examining the IP address, user and device profiles associated with the transaction.

Morgan said the bank's fraud team, which has been enlarged to scrutinise all the transactions flagged by the system, was paying particular attention to payments between different customer accounts at Barclays, as it was this type of transaction where fraud was most likely to occur.

"We were warned it would not be an immediate panacea, but in the three weeks or so we have been using it we have already seen tangible benefits," he said.

Read article: Barclays boosts risk management

Read article: Limits of token gestures



Enjoy the benefits of CW+ membership, learn more and join.

This Content Component encountered an error



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: