View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
January 7, 2009

Banks turn up two-factor security

MasterCard, HSBC jump on the bandwagon

By Jason Stamper

Millions of banking customers stand to benefit from increased security for online transactions, with Gemalto coming to market with a two-factor identification system for MasterCard and HSBC announcing its adoption of an out-of-band authentication system provided by Authentify.

Banks are working to cost-effectively secure remote channels for their customers, and many are turning to some form of two-factor authentication.

This works on the principle of requiring a specific badge, a card or even a mobile phone and an issued password or PIN number to gain access to a system.

It is most commonly based on smart card systems and the use of one-time non-reusable passwords. Ensuring passwords are automated to change after each use significantly increases security and reduces the risk of hackers or a rogue administrator harvesting individual log-ins for unauthorised remote access.

Gemalto has today made its Ezio Pocket Reader available for the MasterCard Advanced Authentication for Chip specification that enables two-factor authentication on any Europay, MasterCard or Visa (EMV) card.

The new Ezio reader makes it easier for banks to deploy strong authentication to their entire base of online customers, as they do not now need to make any changes to their legacy EMV cards.

The handheld device authenticates cardholders before they are able to carry out online transactions and displays to them a one-time password on the reader.

Content from our partners
How to turn the evidence hackers leave behind against them
Why food manufacturers must pursue greater visibility and agility
How to define an empowered chief data officer

HSBC’s approach, which uses automated authentication services provider Authentify’s system, is said to offer even stronger security because it calls for user or transaction specific details to be entered via telephone, separately from the internet side of the online exchange.

The process is intended to isolate the authentication process from web threats and make it more difficult to tamper with an account even if armed with compromised identity information. It is considered the best defence against keystroke loggers.

In the UK Barclays, Lloyds TSB, Nationwide and Royal Bank of Scotland (RBS) all have two-factor systems in operation.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU