HSBC shuns two-factor authentication over PIN callback

Interesting to see that HSBC is taking a different line to UK bank payments organisation APACS when it comes to e-banking security.

The global bank has announced this week that is eschewing two factor authentication in favour of a one-time PIN callback over a designated landline or mobile phone.

According to HSBC, although two factor technology is quite good, if the security of a user's PC is compromised, inserting a one-time PIN generated by a two-factor authentication device into that PC isn't going to help the security of the e-banking session.

Which, though revolutionary, is quite a logical stance - hats off to HSBC for thinking this one through.

The bank has announced it is planning to move its customer base over to to a one-time PIN callback system - across designated landlines or mobiles - over the next couple of years.

This means that, even if you want to access e-banking from a PC or mobile Internet device you haven't used before, if you have your mobile with you, you're okay.

The only question now is what is HSBC going to do with all the two-factor Vasco authentication devices it's given to its business customers?...