September 11, 2007
Next Wave of Security Authentication -- Follow the Money
Wasn't it deep in the bowels of a Washington DC parking garage that Deep Throat stepped out and told Woodward and Bernstein that if they wanted to break Watergate wide open, they had to follow the money?
I think the same can be said of the security industry in terms of pinpointing the next wave of identity and access management. Because while it may be true in some industries that image is money or time is money, what is most true in banking and finance is that money is money.
So I was quite interested to read about HSBC developing a new and alternative security authentication system after concluding that the current two-factor system simply wasn’t user-friendly or safe enough.
According to Computer Weekly, HSBC’s “out of band” authentication system relies on a customer’s phone to keep their account secure. When a customer makes a payment with HSBC, a pop-up asks which phone number they would like to be called on and then issues an instantaneous computer-generated PIN, which the user has to punch in once the bank calls.
The current two-factor system, which is backed by Apacs, requires customers to carry a card reader. When making a payment, they insert their debit card into the reader, which gives an eight-digit password that they enter when prompted. HSBC is still testing the system, and expects to roll it out within a year.
"The two-factor system works for our business customers," said personal internet banking manager Nick Staib, "because more than one employee often needs access to the business accounts. They can keep a card-reading device in a drawer. But retail banking customers do not want to carry this device around, and are likely to make transactions in various different places."
The other factor, of course, is that HSBC believes that their system will provide better security. To gain control over a card reader system, all a hacker has to do is take control of the computer. Said Staib about HSBC’s system:
"We are working on the basis that there is no way for them to take control of your phone. Plus, someone in another country cannot pretend to be you, because they are not on the end of your home phone."
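The phone-call flow described above, sketched from the bank's side as an added example (not HSBC's implementation and not code from the original post). The class name, six-digit PIN length, two-minute expiry and three-attempt limit are assumptions, and the example also binds the PIN to the payee and amount, which the article does not mention.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL_SECONDS = 120  # assumed validity window for a challenge
MAX_ATTEMPTS = 3       # assumed limit on keyed-in guesses


class OutOfBandConfirmer:
    """Bank-side state for phone confirmation of payments (hypothetical)."""

    def __init__(self, registered_phones, clock=time.time):
        self.registered_phones = registered_phones  # customer -> set of numbers
        self.clock = clock
        self.pending = {}  # payment_id -> challenge record

    def start(self, customer, payment_id, payee, amount_pence, phone):
        # Only numbers enrolled beforehand may be called; a number supplied
        # by the (possibly compromised) browser session is rejected.
        if phone not in self.registered_phones.get(customer, set()):
            raise PermissionError("phone number not registered for customer")
        pin = f"{secrets.randbelow(10**6):06d}"
        # Store a digest bound to the payment details, so the PIN cannot
        # confirm a different payee or amount.
        self.pending[payment_id] = {
            "digest": self._digest(pin, payment_id, payee, amount_pence),
            "expires": self.clock() + PIN_TTL_SECONDS,
            "attempts": 0,
        }
        return pin  # shown in the pop-up; the customer keys it in on the call

    def confirm(self, payment_id, payee, amount_pence, keyed_pin):
        rec = self.pending.get(payment_id)
        if rec is None:
            return False
        rec["attempts"] += 1
        expired = self.clock() > rec["expires"]
        ok = hmac.compare_digest(
            rec["digest"], self._digest(keyed_pin, payment_id, payee, amount_pence))
        if ok or expired or rec["attempts"] >= MAX_ATTEMPTS:
            del self.pending[payment_id]  # single use, bounded guessing
        return ok and not expired

    @staticmethod
    def _digest(pin, payment_id, payee, amount_pence):
        msg = repr((pin, payment_id, payee, amount_pence)).encode()
        return hashlib.sha256(msg).hexdigest()
```

The value returned by `start` is what the pop-up would display; `confirm` is what the telephony side would call with the digits keyed in during the call.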
I guess then the scariest thing would be, when finding out exactly where you're being hacked from, you find out the attack is coming from the computer in the DEN!!! But I guess that scenario is more the stuff of Hollywood thrillers. I hope.
Posted by pschooff in Better Protection

Twenty-Four Seven Security