Chip and PIN: two-factor authentication



Similar documents
KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

A brief on Two-Factor Authentication

Internet Banking Attacks. Karel Miko, CISA DCIT, a.s. (Prague, Czech Republic)

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Two-Factor Authentication and Swivel

What Merchants Need to Know About EMV

Streamline Cardholder Authentication. Avoid being the target of online fraud

Accessing Derbyshire County Council s Outlook Web Access (OWA) Service. Mobile Phone SMS version

These additional levels of security are NOT required if you are using a Derbyshire County Council machine on council premises.

SOLUTION BRIEF ADVANCED AUTHENTICATION. How do I increase trust and security with my online customers in a convenient and cost effective manner?

Safe and Sound Processing Telephone Payments Securely. A white paper from Barclaycard and Visa Europe leading the way in secure payments April 2015

Protect Your Customers and Brands with Multichannel Two-Factor Authentication

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011

Proven. Trusted.

Guide to credit card security

IDENTITY & ACCESS. Providing Cost-Effective Strong Authentication in the Cloud. a brief for cloud service providers

Case Study SMS Two Factor Authentication. Contact us Infracast Ltd, Merlin House Brunel Road, Theale, Berkshire, RG7 4AB

Multi-factor authentication

CA ArcotOTP Versatile Authentication Solution for Mobile Phones

Ultra-strong authentication to protect network access and assets

What the Future of Online Banking Authentication Could Be

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

Entrust IdentityGuard

Guide to Evaluating Multi-Factor Authentication Solutions

USER-FAQ (2FA) Q. What are the key features of Fraud Management Solution (Baroda isecure)?

Secure Payments Framework Workgroup

BlackShield ID Best Practice

Strong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012

Using Real Time Interactive Notifications to Effectively Fight Fraud, Accelerate Resolution and Increase Customer Loyalty

Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION

Strong Authentication for Secure VPN Access

Business Internet Banking security user guide

BlackShield ID Agent for Remote Web Workplace

White Paper. The Principles of Tokenless Two-Factor Authentication

Presentation Rundown. Introduction Product Overview Product Features Product Value Product Applications Question and Answer

How to reduce the cost and complexity of two factor authentication

location of optional horizontal pic Corporate and Investment Banking Business Online Information Security

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

Remote Access Securing Your Employees Out of the Office

STRONGER ONLINE SECURITY

Securing corporate assets with two factor authentication

ISO27001 Controls and Objectives

Fraud Trends. HSBCnet Online Security Controls PUBLIC

EuroCommerce position paper Online e-payments

French Justice Portal. Authentication methods and technologies. Page n 1

Frequently Asked Questions (FAQ) on HSBC Chip Credit Cards

FRAUD ALERT THESE SCAMS CAN COST YOU MONEY

Review Paper on Two Factor Authentication Using Mobile Phone (Android) ISSN

Ensuring security the last barrier to Cloud adoption

Facebook s Security Philosophy, and how Duo helps.

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

A CHASE PAYMENTECH WHITE PAPER. Uncovering Five Myths About M-Commerce

IDENTITY MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

An Overview and Competitive Analysis of the One-Time Password (OTP) Market

How To Get A Cloud Based Contact Centre

Remote Access Policy

Simplifying Security with Datakey Axis Single Sign-On. White Paper

Ultra-strong authentication to protect network access and assets

Ultra-strong authentication to protect network access and assets

IDRBT Working Paper No. 11 Authentication factors for Internet banking

WHITE PAPER. The latest advancements in SSL technology

3 Marketing Security Risks. How to combat the threats to the security of your Marketing Database

People, payments and the future report

MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION

A RE T HE U.S. CHIP RULES ENOUGH?

View from a European Trust Service Provider Server Signing: Return of experience and certification strategy

The evolution of data connectivity

Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper

PageScope Enterprise Suite 3.0

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

Tokenization: FAQs & General Information. BACKGROUND. GENERAL INFORMATION What is Tokenization?

How To Audit Health And Care Professions Council Security Arrangements

Rothschild Visa Card Terms and Conditions

Transcription:

Chip and PIN: two-factor authentication

Chip and PIN: two-factor authentication As online banking fraud continues to grow, consumers deep-seated security fears remain one of the biggest barriers to online banking in Europe. But now BT is developing a service offering for two factor authentication that can help banks tackle customer fears head on. Steve Martin reports There are three reasons why internet banking requires increased security: online fraud is on the up; customers need reassuring; and changes in the industry demand it. There is no doubt that chip and PIN is helping in the battle against many types of fraud. Losses due to fraudulent card activity are down 13% year-on-year since the arrival of chip and PIN. But it is not all good news. Criminals are switching their attack to online transactions. In 2005 card not present (CNP) fraud was estimated at 183.2m, up 21% on 2004, (APACS). Much of this CNP fraud is committed online 23.2m in 2005 (APACS). These figures may rise dramatically as criminals increasingly target the perceived weaknesses in online security.

Protecting your customers We know that many potential internet customers are put off by worries about security. Any big increase in fraudulent activity would play to these fears and make it even more difficult to develop this channel. While customers should be responsible for keeping their finances secure, they still look to their banks for action and reassurance. According to the FSA, An overwhelming majority (95%) also feel their bank has at least some responsibility in providing online protection, and almost half feel their bank is solely responsible Our survey suggests that over three-quarters of customers would simply stop banking online if liability were shifted. (Research conducted by NMG Research/IPSOS on behalf of FSA in October/November 2005). Clearly, banks have to demonstrate their commitment to protecting their customers online. Providing an authentication system that is much more secure than the normal log-in and password will go a long way towards easing these fears. Changes in the industry are also fuelling worries about online banking fraud. Autumn 2007 sees the introduction of faster payment clearing for electronic transactions. Reducing the time electronic transactions take to clear will give banks even less opportunity to spot fraudulent activity so there is a strong case for introducing improved authentication for safer customer log-in before these changes come into effect.

Secure and simple The need to do more to enhance online security is clear. A static password is no longer enough. In spite of all the warnings, people are still duped into revealing their log-in details. And savvy scammers with the right software can steal log-in information direct from customers PCs. The challenge facing the industry is how to increase security while keeping access simple and straightforward for the genuine customer. Two factor authentication (TFA) can go a long way towards achieving enhanced security. It is based on something the user knows a password and something they have like a token, a mobile phone, a PC or a chip and PIN card. The second factor can even be based on biometric data. Two factor authentication from BT is designed to deliver this requirement. It works by providing customers with a unique access code each time they log in. This is generated by a device or process not connected to the PC and is valid for a single transaction, making it much more difficult to steal or be guessed. BT s hosted TFA service, based on a range of authentication devices, from EMV card readers and one time password generating tokens, to SMS and voice authentication will greatly improve security at minimum cost and with little commitment of resources. The FSA endorses two factor authentication: Delivering TFA to their retail and business banking customer bases will enable banks to provide stronger authentication mechanisms and reduce the risk of fraudulent access and transfer of money out of accounts. Financial Risk Outlook 2006.

Chip and PIN With a view to keeping things simple for the user, the two factor authentication service from BT will initially be delivered through EMV card readers that use the chip and PIN process that consumers are now familiar with. Other authentication mechanisms such as OTP tokens, SMS and voice authentication will follow. Each private or business customer will have a card reader via which the second form of identification will be issued. Customers simply insert their card into the card reader and enter their PIN. They will then be presented with a code on the display. This one-time code, which changes every time the card is used, is then transmitted to the authentication server which authenticates the user to permit access. BT will manage the whole process and provide all the IT infrastructure needed, from the delivery of card readers through to customer help desk support and authentication of users on its own secure servers. Authorisation of access will remain with the bank.

Why choose BT? BT is more than able to deliver the full TFA package, because it has extensive experience in providing two factor authentication for secure remote access to corporate networks and the provision, distribution and support of devices to its millions of broadband customers. Risk is minimised because the only company banks need to work with is BT, which is the single owner and provider of the IT infrastructure. As for financial services competency, BT is a trusted supplier of secure financial services solutions. For example, BT s SettleNET service, handling share settlement in London markets, is built for full disaster recovery and business continuity and provides its own certification authority approved by the FSA and the Bank of England. Looking to the future, BT is preparing for the next stages of two-factor authentication as it migrates across other channels into new mechanisms such as voice and mobile/sms. So banks can be sure that any BT solution they choose now will be fully future-proofed, with migration to alternative channels provided as and when required.

Why go it alone? The FSA recognises that it may not be cost effective for banks to develop TFA themselves. But it does say that pursuing such a policy would demonstrate to customers that fraud is being tackled. Partnering with BT offers a much more viable solution, since BT will supply everything required to run the service, assist with application integration and offer attractive commercial options. Costs can be kept down because the necessary infrastructure is already in place and BT can draw on economies of scale. There are added benefits in choosing BT s two-factor authentication service: BT future proofs the two factor authentication service by providing a range of device options suitable to many customer segments. None-core IT device management can be outsourced to a capable and trusted provider. Reduced time to market.

For more information The two factor authentication service from BT will enable financial services organisations to interact with customers in a significantly stronger and more secure environment. It will play a major part in reducing internet banking fraud, and will demonstrate the industry's commitment to doing business securely online. The outcome should be an increase in consumer confidence, enabling banks to develop their online banking business. For more information about two factor authentication from BT, contact justin.kimber@bt.com BT s ability to provide a complete and effective solution, short guaranteed delivery times and high quality data centres were a critical factor in Friesland Bank s decision to choose it to host a secure internet banking environment for its customers.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information