
FDIC Recommends Two-Factor Bank Authentication

By Jim Bruene on January 11, 2005 4:38 PM

Now that the FDIC has officially come out in favor of two-factor authentication, it's only a matter of time before every major bank has upgraded their login procedures.

According to a Dec. 24 New York Times article, E*Trade Bank will be the first US bank offering two-factor authentication for retail customers. They are expected to use a token system similar to that used by AOL and several international banks including ABN Amro, Credit Suisse, Rabobank, and First National Bank (South Africa), winner of Online Banking Report's Best of the Web in November.

E*Trade's system is expected in Q1 2005 and will be optional for the customer. It's already in testing with 200 customers.

US Bank is also said to be testing a token system from Verisign.

Analysis: A simpler solution needed for the mass market
We commend these banks for doing something to reassure frightened users. According to Forrester, 26% of online users have not applied online for a financial product due to phishing fears and 14% have stopped paying bills or banking online. Finally, 20% have stopped opening emails from their financial providers.

However, a hardware token is overkill for most retail users. It requires ongoing maintenance expenses and tech support, and it is a logistical headache for the end user. It's kind of like a car alarm: they make sense if you live in a high-crime area, but mostly they are just a nuisance.

Luckily, there are simpler choices on the way. Just yesterday, an interesting company, BioPassword, was profiled in The Seattle Times. Its software records the unique typing pattern of the end user and will keep out anyone else attempting to type the user's password. At a recent conference, the company offered up to $100,000 to anyone who could successfully log in to its account, even after they'd been told what the password was. Not one of 1200 attempts was successful.

Another interesting alternative to tokens is Entrust's IdentityGuard, which Forrester analyst Jonathon Penn raved about in a November 19, 2004 research note. The Entrust solution is a low-tech version of the token, using a paper-based "bingo card": users are asked to enter digits from certain rows/columns of the card (see card right).
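The "bingo card" check described above can be sketched as a server-side challenge-response. This is an added example, not Entrust's IdentityGuard code; the 5x10 layout, the HMAC derivation of cell digits, the three-failure lockout and all names are assumptions.

```python
import hashlib
import hmac
import secrets

ROWS, COLS = "12345", "ABCDEFGHIJ"  # assumed 5x10 card layout (constructed)
CELLS = [c + r for r in ROWS for c in COLS]
MAX_FAILURES = 3                     # assumed lockout threshold

def cell_digit(card_secret: bytes, cell: str) -> str:
    """Derive one cell's digit from the per-user card secret."""
    mac = hmac.new(card_secret, cell.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10)

def make_card(card_secret: bytes) -> dict:
    """The full card, as it would be printed and sent to the user."""
    return {cell: cell_digit(card_secret, cell) for cell in CELLS}

class GridLogin:
    """Server-side second-factor check for one user."""

    def __init__(self, card_secret: bytes):
        self._secret = card_secret
        self._pending = None   # challenge stays fixed until answered correctly
        self.failures = 0

    def challenge(self, n: int = 3) -> list:
        # Re-rolling on every request would let someone who has seen only a
        # few cells keep asking until a challenge they can answer comes up.
        if self._pending is None:
            self._pending = secrets.SystemRandom().sample(CELLS, n)
        return list(self._pending)

    def verify(self, response: str) -> bool:
        # No outstanding challenge, or too many failures: refuse outright.
        if self._pending is None or self.failures >= MAX_FAILURES:
            return False
        expected = "".join(cell_digit(self._secret, c) for c in self._pending)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), response.encode()):
            self._pending, self.failures = None, 0  # challenge is single-use
            return True
        self.failures += 1
        return False
```

Because the card is derived from a per-user secret, the server stores only that secret, and it needs the same protection as a password database.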

Another solution receiving a lot of attention, partly because ex-Intuit CEO Bill Harris is founder, is PassMark. The company touts its "2x2 factor" program that authenticates users to the bank and the bank to the user. The latter is done via visual aid, hence the company name. They also have an excellent easy-to-digest demo.

-- JB
