MasterCard, HSBC jump on the bandwagon
Millions of banking customers stand to benefit from increased security for online transactions, with Gemalto coming to market with a two-factor identification system for MasterCard and HSBC announcing its adoption of an out-of-band authentication system provided by Authentify.
Banks are working to cost-effectively secure remote channels for their customers, and many are turning to some form of two-factor authentication.
This works on the principle of requiring a specific badge, a card or even a mobile phone and an issued password or PIN number to gain access to a system.
It is most commonly based on smart card systems and the use of one-time non-reusable passwords. Ensuring passwords are automated to change after each use significantly increases security and reduces the risk of hackers or a rogue administrator harvesting individual log-ins for unauthorised remote access.
Gemalto has today made its Ezio Pocket Reader available for the MasterCard Advanced Authentication for Chip specification that enables two-factor authentication on any Europay, MasterCard or Visa (EMV) card.
The new Ezio reader makes it easier for banks to deploy strong authentication to their entire base of online customers, as they do not now need to make any changes to their legacy EMV cards.
The handheld device authenticates cardholders before they are able to carry out online transactions and displays to them a one-time password on the reader.
HSBC’s approach, which uses automated authentication services provider Authentify’s system, is said to offer even stronger security because it calls for user or transaction specific details to be entered via telephone, separately from the internet side of the online exchange.
The process is intended to isolate the authentication process from web threats and make it more difficult to tamper with an account even if armed with compromised identity information. It is considered the best defence against keystroke loggers.
In the UK Barclays, Lloyds TSB, Nationwide and Royal Bank of Scotland (RBS) all have two-factor systems in operation.