Focus

Identity matters

Extract from the "Review" (author: Dave Howell)

David Mitchell of Barclays explains how banks are now following the lead of the enterprise sector in using two-factor authentication to safeguard identity.

Identity is becoming a precious commodity as more services move to the virtual realm. The amount of information being transmitted and stored is growing, so technology is developing to ensure that robust authentication systems maintain the security that individuals, governments and businesses demand.

In recent years, USB tokens have emerged as a leader in portable secure authentication. The technology is based on a secure, tamper-proof microcontroller and a USB controller packaged into a USB drive-compatible token. The result is a two-factor authentication process that can be applied to a variety of situations in enterprise, government, data storage and online banking. Crucially, USB tokens combine the security of a multi-factor authentication hardware system with the convenience and portability of USB drives.

Their rise to prominence is based principally on the need for stronger, multi-factor security for Internet use. Drivers include consumers’ concerns over the security of electronic transactions; the vulnerability and cost of managing password systems; corporate concerns over privacy and compliance; the growth of identity theft; and the need for a flexible,portable authentication system.


			Urgent need The scale of the challenge is shown in the most recent annual CSI/FBI Computer Crime and Security Survey. It reveals that identity theft and financial fraud are the fastest-growing crimes in the US, with organized crime syndicates regularly using password-hacking software, phishing and packet sniffing. More...
			Two-factor authentication With such effective precedents now widely in use in government and enterprise, the banking sector is establishing its own use for two- factor authentication technology. More...
			New solutions But threats such as phishing haven’t gone away. Online banking fraud accounted for £52.5 million of the losses reported by APACS for 2008 - up 132% on 2007. In fact, the 2007 figure of £22.6 million was down on the previous year, a fall that may be due to the implementation of two-factor authentication systems such as PINsentry. More...