Alliance leads two-factor roll-out

Alliance & Leicester last week raised the bar for online banking security with the launch of two-factor, two-way authentication for all its internet banking customers.

Alliance & Leicester last week raised the bar for online banking security with the launch of two-factor, two-way authentication for all its internet banking customers.

Rather than relying on a separate hardware token, such as the Vasco smart token that is being trialled by Lloyds TSB, Alliance & Leicester has used Passmark Security software to add another layer of security to its website. The same system was adopted by Bank of America 10 months ago.

The bank is the first in the UK to offer two-factor authentication to all its online customers.

The technology works by using a customer's PC or handheld device as the second-factor hardware device. Technology from Passmark takes a "fingerprint" of a customer's computer to verify identification, using HTTP headers, software configurations, hardware settings, IP address and geographic location.

Customers registering for the service choose a picture, write a phrase and pose a challenge question to help authenticate the bank to them. To use the service, they enter a log-in name and see the picture and their phrase, confirming they have reached Alliance & Leicester's site, and a password gives them access.

Phil Cracknell, a security expert at Capgemini, said the move was welcome, because it relied on local security but required nothing extra to be carried around by customers.

"The obvious risk is that if a registered laptop was stolen, that extra line of defence is gone, but that still leaves the usual security measures in place. It is just enough to make things more complex and difficult for fraudsters."

 

 

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close