printer friendly version

Two-factor authentication

A flood of new security attacks targeting banking customers over the last 12 months has forced organisations or regulatory bodies to introduce new directives covering the recommended use of two-factor authentication by online banks by the end of 2006.

These groups believe that single-factor authentication (the use of a username and password) is now inadequate to protect users against recent Internet scams such as phishing, pharming and RAT attacks. By the end of 2006, many Asia, and all US online banks will be required to implement two-factor authentication, which relies on something the consumer has, such as a token or smartcard to more strongly identify the individual.

The big challenge that banks now face, is how to quickly introduce two-factor authentication, but ensure that the chosen method is convenient enough for broad consumer adoption while keeping costs down.

Two-factor authentication (2FA) augments user knowledge (usually in the form of a username and password) with the requirement to carry a personal possession, which is used to receive a one-time (single-use) password. Two-factor authentication also brings added business benefits, by increasing the dialogue between the brand and the customers. This enables companies to:

* Maintain customer trust and loyalty by providing a secure online banking solution.

* Reduce fraud, and the associated costs incurred through recovery and administration.

* Protect and strengthen their brand by minimising the risk of online identity fraud.

* Capture valuable customer data, and send marketing information to registered customers.

* Attract new customers - with a convenient, secure and easy-to-use solution.

Consumer convenience

Although two-factor authentication solutions have been available for a number of years, they have utilised proprietary pieces of hardware such as authentication tokens or key-fobs. Although sufficient for authenticating hundreds of users, hardware tokens prove too costly to deploy in consumer environments for the following reasons:

1) Each token needs to be securely delivered to the consumer through a parcel service such as UPS or FedEx.

2) Hardware tokens are proprietary, and hence expensive, commonly costing in excess of $50 each.

3) Hardware tokens have a limited lifespan, and regularly break, or lost or misplaced, rendering the user helpless.

Several large financial institutions are now starting to implement two-factor authentication, to re-establish trust with their users, fearing that if nothing is done profits will be lost, customer confidence will drop, and the brand will be damaged for long-term disadvantage.

Summary

According to recent surveys, identity theft is seeing the largest increase over any other kind of crime worldwide. Depending on what methods of security are implemented by the organisation you are doing business with and what relationship you have with them, secure access can be achieved. Securing access from any location, using any device is not an impossible task but can be overcome by thinking about how users access applications and data in a real-world scenario. Only then can user trust be re-established and all the benefits of using online communications can come true resulting in maximum customer satisfaction, speedy collaboration, and significant competitive advantage.

Robin Gertsen is the senior product marketing manager at PortWise.

Share this article:

Further reading: