Stronger authentication systems are needed, but there may be pitfalls, say experts
Security experts are urging financial institutions to roll out two-factor authentication systems more quickly to online customers, to ensure the integrity of transactions and boost public confidence in e-commerce.
Gary Clark, European vice-president of encryption specialist SafeNet, told IT Week that banks have a moral responsibility to their customers to ensure their online transactions are secure.
"UK banks have been slow to introduce [these systems despite] the profits they make and the charges they make to us all," Clark said. "But they spend money on encrypting their own data and their clearing systems."
Clark said it was astonishing that around 30 percent of online firms still do not encrypt transactional data, according to a recent DTI information breaches survey. "It's good to have an agency [like the UK’s Serious Organised Crime Agency] dealing with organised crime and cyber-crime but we're still making it easy for the criminals," he added.
IT vendors must also play a part by producing devices which can be used easily by customers and implemented easily by the banks, and they should educate merchants about the benefits of improving online security and the ease with which they can do it, Clark said.
But David Porter of IT security consultancy Detica warned that any two-factor authentication system must be supported by banks and merchants to ensure success, and there should also be fall-back mechanisms when such systems fail.
"In enclosed groups people will put up with [two-factor authentication] but getting the consumer to do it is very difficult," Potter added. "It could still be overridden on the inside - just because it's new technology, that doesn't mean anything if we are sloppy about implementation, and the humans and procedures [around it] are inherently flawed.
Security experts are urging financial institutions to roll out two-factor authentication systems more quickly to online customers, to ensure the integrity of transactions and boost public confidence in e-commerce.
Gary Clark, European vice-president of encryption specialist SafeNet, told IT Week that banks have a moral responsibility to their customers to ensure their online transactions are secure.
"UK banks have been slow to introduce [these systems despite] the profits they make and the charges they make to us all," Clark said. "But they spend money on encrypting their own data and their clearing systems."
Clark said it was astonishing that around 30 percent of online firms still do not encrypt transactional data, according to a recent DTI information breaches survey. "It's good to have an agency [like the UK’s Serious Organised Crime Agency] dealing with organised crime and cyber-crime but we're still making it easy for the criminals," he added.
IT vendors must also play a part by producing devices which can be used easily by customers and implemented easily by the banks, and they should educate merchants about the benefits of improving online security and the ease with which they can do it, Clark said.
But David Porter of IT security consultancy Detica warned that any two-factor authentication system must be supported by banks and merchants to ensure success, and there should also be fall-back mechanisms when such systems fail.
"In enclosed groups people will put up with [two-factor authentication] but getting the consumer to do it is very difficult," Potter added. "It could still be overridden on the inside - just because it's new technology, that doesn't mean anything if we are sloppy about implementation, and the humans and procedures [around it] are inherently flawed.
0 comments:
Post a Comment Subscribe to Post Comments (Atom)