St George counts down to two-factor authentication

St George is joining the ranks of financial institutions taking up two-factor transaction authentication to protect its customers from fraud.

According to St George the system, called Secure Code, will be phased in within the next few months as a free of charge service. Secure Code will work by sending a unique code to a customer's mobile phone or landline, which will be used to authenticate certain Internet banking transactions.

The two-factor authentication will be used for transactions including new payee transfers, certain BPAY transactions over AU$2,500, international transfers and changes to personal information such as telephone number, address and e-mail, according to a spokesperson for the bank.

Although St George is just beginning to roll out SMS authentication, others in the financial services industry are already predicting the death of the technology. National Australia Bank's general manager of technology, risk and security, Gary Blair said in December that SMS authentication will be dead in three years.

Most of the big four banks, as well as some of their smaller peers, have some form of two factor authentication. The authentication ranges from tokens -- devices generating random numbers for one time use -- or SMSes for transaction authentication to tokens for password authentication.

National Australia Bank and Commonwealth Bank of Australia currently use SMS authentication for transactions.

Recently, the International Organization for Standardisation released a standard for the use of biometric authentication at financial institutions, but according to some analysts, banks are unlikely to invest in the technology.

"The reality here in Australia is that our fraud levels are comparatively low and so the banks struggle to justify the massive expense involved in rolling out snazzy authentication systems," James Turner, advisor at analyst firm IBRS, told ZDNet.com.au recently.