CDRInfo Forum CDRInfo Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

Bank of America to use two-factor system to beat phishers !   Logged in as: Guest
Viewers: 529 You can click here to see Today's Posts | Most Active Topics | Posts Since Last Visit
  Printable Version
All Forums >> [News Around The Web] >> Security News >> Bank of America to use two-factor system to beat phishers ! Page: [1]
Login
Message << Older Topic   Newer Topic >>
Bank of America to use two-factor system to beat phishe... - 5/31/2005 6:04:44 AM   
SiliconFreak


Posts: 12104
Joined: 7/4/2003
From: Melbourne, Victoria, AUS
Status: offline
The Bank of America is to introduce two-factor, two-way authentication to around 13 million online banking customers in an attempt to reduce the threat of phishing attacks and identity theft.

Unlike traditional two-factor authentication, the Bank of America's Sitekey approach does not rely on expensive hardware tokens to generate passwords.

Instead it uses a customer's PC or handheld device as the second-factor hardware device. Technology from security company Passmark takes a "fingerprint" of a customer's computer to verify identification, using HHTP headers, software configurations, hardware settings, IP address and geographic location.

Customers registering for the service choose a picture, write a short phrase and pose three challenge questions to help authenticate the bank to them. When they come to use the service, they enter a log-in name and see the picture and their phrase, confirming it is the bona fide banking site. The customer then enters a password to use the service.

This combined approach is designed to protect against phishing attacks that con users into entering log-in details into spoof online banking sites, which hackers later use to access their accounts.

If the user should try to log into the system from another PC, the Bank of America service will seek answers to the three challenge questions created at registration. The bank argues that this will stop hackers accessing the system, even if they have the password and log-in details.

George Tubin, senior analyst with TowerGroup, said the technology could significantly boost confidence in online banking. "Implementing two-way, two-factor authentication without hardware is a significant step for online banking, particularly when taken by a leading player. This approach is consumer-friendly and makes it possible for the bank to scale rapidly and take it to the whole client base."

The UK banks are planning to introduce two-factor authentication for business customers using online banking services by the end of the year, banking industry trade body Apacs said earlier this month. It is co-ordinating the development of technical standards for a system based on chip and PIN smartcards and a reader that generates a one-time password.


Source : ComputerWeekly
Post #: 1
Page:   [1]
All Forums >> [News Around The Web] >> Security News >> Bank of America to use two-factor system to beat phishers ! Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.016