HSBC strengthens online defences

By Matt Whipp

Posted on 10 Apr 2006 at 17:33

The HSBC is claiming the largest UK roll out of access code generating key fobs to its business customers.

Some 180,000 of its business customers will receive the key fobs, costing the bank around £3 each, in a bid to combat online fraud following successful roll outs in the US and Hong Kong. A spokesperson told us that HSBC has no plans to offer the security devices to its consumer customers as 'the risk profile is so much higher' for businesses.

The access tokens generate a constantly changing pass-code which is used alongside existing credentials for logging in to bank accounts online. Each device is locked to a particular account, so should it be lost, it is of little use whoever finds it. It also makes it easier for users of the devices to access their accounts on computers other than the ones they usually use, allowing business customers to ditch digital certificates.

Simon Wainwright, Head of Business Banking at HSBC, said: 'Today's announcement will enable us to stay one step ahead of the fraudsters. Our experience in other parts of the world shows that this kind of two-factor authentication is an extremely useful weapon in the fight against Internet crime and we would urge other banks in the UK to seriously consider following our lead.'

One would be surprised if HSBC really was the only bank looking into this. Indeed, APACS is working with banks operating in the UK to agree on a standardised device for UK customers - increasingly looking likely to be a card reader. But with some £58m lost in online fraud in the past year, large scale roll-outs will decrease the cost of the devices to the banks as well as offsetting that cost against the expected decrease in fraud.

LloydsTSB, for one, announced it was trialling access code devices to its personal customers in the UK last October. It says that not one of the 23,500 enrolled in the trial has been a victim of online fraud so far. Some 70 per cent described the device as good or excellent and 95 per cent said it was easy to use. However, a date for the official deployment of the devices has yet to be announced.

Other authentication measures underway include online PIN codes, where credit card companies sign up online retailers to use the system whereby customers have a unique PIN they need to enter and have verified for a successful transaction.

These are already in commercial use with systems such as MasterCard's SecureCode and Visa's Verified by Visa.