New Zealand's ASB Bank is implementing a new authentication system that uses SMS messaging to reduce the potential for mass Internet banking fraud.

The new system, supplied by RSA Security, allows users to have a one-time only authentication code sent to their mobile phone as a part of the login process.

Anyone attempting to fraudulently log in to an account equipped with the optional authentication measure would need to steal the victim's mobile phone as well as their user name and password.

Mass-mailing scams have plagued Internet banking this year, with several scams targeting Australians. E-mails hit inboxes purporting to come from banks, and asked users to log in to a screen and re-verify their details, the only problem being the users were entering their confidential information into a "spoofed" site operated by the fraudsters.

The attacks were quite unsophisticated--the perpetrators only needed a large list of e-mail addresses in order to conduct them. In order for a scam to succeed under the new ASB system, an attacker would need to know the victim's mobile phone number as well, and set up a fraudulent site that could duplicate the functionality of the bank site by sending out fake RSA authentication tokens.

The bank's group general manager of Technology, Clayton Wakefield, expects customers to take up the mobile option.

-Two-factor authentication... is widely recognised as a stronger form of security than static passwords," he said. "We believe that a growing number of customers will embrace mobile authentication solutions because... of not needing to carry an authentication token".

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.