Last week, major Australian banks gathered in Sydney with the Banking and Financial Services Ombudsman to discuss the security of online commerce in a closed-to-media event organised by the ABA.
The issue of two-factor authentication, which requires two forms of identification, was a major talking point throughout the conference, attendees told ZDNet Australia . National Australia Bank and Bendigo Bank currently offer such security to customers, utilising SMS and password tokens as additional protective measures.
The added layers are meant to combat a continued rise in phishing and cybercrime attempts on bank customers. Some Australian banks have fallen victim to copycat Web sites whereby phishers record the login details of unsuspecting clients.
Microsoft chief security adviser Peter Watson, who attended the conference, said there was concern at consumers' reluctance to conduct transactions online due to the perceived risks.
"They now recognise it's a credibility issue," he said of the banks. "It affects their ability to take more transactions to their customers. It's causing banks costs."
ABA members had realised they were increasingly dependent on the security levels of their customers, according to Watson.
"The banks are almost at a brick wall [stage] with security," he said.
"No matter what we do in terms of ramping up internal security, if consumers don't have the technology to allow [improvements] to occur, there's no point."
Whether two-factor authentication will be adopted industry-wide is unclear, however.
"There was discussion ... as to whether they should go down an individual or industry approach," Watson said.
While some banks have adopted such a system, there was some support for an industry approach, according to Watson.
The possibility of standards development for two-factor authentication was one reason.
The ABA was looking for a strategic, rather than tactical, solution, he said. "There's no point in the banking sector going and addressing two-factor without the support of ISPs and major retail sites."
The conference concluded without major agreement on the way forward. Watson said whether banks will implement their own defences or follow an industry approach remained unresolved.
Another conference presenter, Peter Cassidy, secretary general of the Anti-Phishing Working Group, said mandating two-factor authentication has to be approached with care.
"Saying two-factor is 'it' excludes a number of other approaches that may also be effective," Cassidy told ZDNet Australia .
He expressed confidence that an improved security system would eventually be commonplace across the financial industry.
"Some kind of multi-factor [system] will come forward," he said. "It's on the cards everywhere."
A new innovative technique to help enterprises prevent their customers/employees from
falling prey to phishing, pharming, and online fraud. (Green Armor recently introduced its patent-pending technology, Identity Cues).
The solution leverages a unique blend of psychology and technology to
make obvious to even non-technical and untrained users whether they are communicating with an organization's legitimate web site or with a phony site set up by a criminal. It directly targets the underlying human weakness
at the root of the phishing problem -- the inability to distinguish between
two items that look nearly identical -- and does not require deploying complex technologies. As a result, it offers significant advantages over
earlier anti-phishing technologies -- for all parties involved (users, system administrators, and the organizations implementing the system).
For example, it is much easier on users: they don't have to download/install
any software, carry any security devices, register for any services, or
memorize any extra secrets. There are no extra steps during the login process, and, even if people do not make a conscious effort to use the
anti-phishing/anti-pharming system, Identity Cues can still be effective at
protecting them.
For more information you can visit www.greenarmor.com