Two-factor authentication tokens from RSA Security and Vasco are now in widespread use by companies wanting to protect their digital assets when employees access the company network. Yet UK banks and financial institutions have been impossibly slow to implement similar protection for their e-banking systems.
So far, only Lloyds-TSB has staged anything like a major trial with a two-factor authentication device for its e-banking service, although HSBC has announced plans to adopt the Vasco system for its business banking customers this summer.
HSBC already operates a two-tier protection service for its customers.
Business users have their sessions secured with a digital certificate, along with the more usual ID, password and SSL technology. Retail customers, meanwhile, only have an ID and password, plus SSL technology, to protect them against eavesdroppers.
This behaviour simply isn't on. It's clear that the banks consider the cost of issuing a two-factor authentication device to customers as too great for the numbers involved, yet online frauds do occur.
It really isn't good enough. At the very least the UK banks should offer a two-factor authentication device to customers as a paid-for optional extra, or perhaps use a mobile phone interaction system to authenticate users.
A customer education program also wouldn't go amiss.