News

HSBC develops new security authentication system

Rebecca Thomson

HSBC is developing an alternative form of security authentication after deciding the standard two-factor system was not customer-friendly enough.

HSBC's "out of band" system relies on the customer's phone to keep their account secure. When making a payment, a pop-up appears asking which phone number they want to be contacted on and containing a Pin number generated by the computer. HSBC will then ring them and ask them for this number.

The standard two-factor system, backed by industry body Apacs, requires customers to carry a card reader, which they insert their debit card into when making a payment. The reader then comes up with an eight-digit password, which they use to confirm the transaction on-screen when prompted.

HSBC is in the preliminary stages of testing the system, but it is not yet being trialled with customers. It hopes to roll it out within a year.

"The two-factor system works for our business customers," said personal internet banking manager Nick Staib, "because more than one employee often needs access to the business accounts. They can keep a card-reading device in a drawer.

"But retail banking customers do not want to carry this device around, and are likely to make transactions in various different places."

The out of band system also offers better security, said Staib.

"With the card reader system, a hacker can still take control of the computer no matter how the password is generated.

"We are working on the basis that there is no way for them to take control of your phone. Plus, someone in another country cannot pretend to be you, because they are not on the end of your home phone."

Online banking fraud jumped 44% in 2006, and banks are attempting to keep up with hackers, who are constantly finding new ways around security systems. Most other high street banks are rolling out the two-factor system.





Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy