Bank customers embrace two-factor authentication
Analysis: New research shows that online banking users want two-factor authentication, but is giving them key fobs the only solution?
Over 90 per cent of bank account holders want to use two-factor authentication for online banking, according to new survey findings.
The study carried out by IT security company RSA Security, found that 91 per cent of bank customers are willing to start using a new authentication method, beyond the standard 'username-and-password', if their banks decided to offer stronger security.
The results from the company's fourth annual Financial Institution Consumer Online Fraud Survey found that 69 per cent of respondents believed that financial institutions should replace username-and-password log-in with stronger authentication for online banking.
The survey of 1,678 adults from eight countries found that 58 per cent of banking customers wanted their bank to deploy stronger authentication for telephone banking.
Phishing emails continue to erode confidence in receiving emails from banks. 82 per cent of account holders are less likely to respond to an email from their bank because of such scams - up from 79 per cent in 2005 and 70 per cent in 2004 - and more than half said that they would be less likely to sign-up for or use online banking as a result.
Another 44 per cent of people said that they have become increasingly concerned about other security issues such as trojans and keyloggers over the last six months.
Chris Young, vice president and general manager of Consumer Solutions at RSA Security said that the banking industry and the market in general are moving in the right direction.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"More than 90 per cent of consumers are now willing to use stronger security when it's deployed, and this is something that banks should take into consideration when looking to accelerate their business," he said.
Donal Casey, a security consultant with Morse said that with so much competition, banks can no longer rely solely on education to convince customers to give online banking another go. He said that the industry should follow Alliance and Leicester and Lloyds TSB banks and offer customers two-factor authentication.
"This will help to prove customer identity and reassure customers that they are logging into the bank's genuine online banking website - addressing two of the biggest security concerns of both banks and customers alike," said Casey. "Only by taking such steps, can banks hope to eradicate misconceptions and beat cyber crime."
Other experts said that mounting pressure from consumers is forcing banks to seriously counter threats from criminals on the internet, but giving customers key fobs with one-time passcodes isn't the only solution.
"Banks must act now to lead the fight against fraud. Mobile phone authentication is only one of a number of available options, it is an attractive solution to combating fraud," said Paul Meadowcroft, head of transactions security at Thales e-Security.
"SIM cards are the largest application of smart card technology in the world so there is value in harnessing their growing processing power to perform other tasks such as identity authentication," he said.
Others think that costs will be a major factor in the deployment of tokens for bank customers.
"Fingerprint biometrics for example is a cost effective way to add a 'factor' to the authentication process," said George Skaff, vice president of DigitalPersona. "In addition, biometric systems can replace non-secure passwords that are used by the users or bank employees, which add convenience and savings for the IT support teams within the banks."
He said that fingerprint biometrics also works very well for home internet users that are willing to pay for the relatively low cost reader and accompanying software needed to use it."
He said that people in the US and Europe are reluctant to use biometrics and so people have to have their perceptions changed in order to accept the technology as most people still believe biometrics to be an invasion of privacy.
He said that people must start to realise that fingerprint systems only capture mathematical representations of fingerprints and not the fingerprints themselves. He said there would soon be an abundance of fingerprint readers available in everyday technology such as computers, cell phones and PDAs.
Some thought that two factor authentication would not solve the problem of proving the identity of the company that the consumer is dealing with.
Many companies, particularly financial institutions, still operate on the age old model of asking the customer to prove their credentials - where two-factor is a big improvement - but not proving theirs (the bank's) to the customer," said Simon Perry, Security Strategy vice president at software firm CA. "This is what phishing and ID theft relies upon, to really overcome these issues there needs to be a form of two-way authentication."
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.