[Dave Birch] Barclays Bank is going to issue hand-held chip card readers to all of its 1.6 million active online banking customers to tighten security and combat identity theft.  The calculator-sized two-factor authentication devices will be distributed throughout 2007.  They will be based on reader specifications developed by the banking industry body APACS.  As a Barclays customer for nearly three decades, I’m looking forward to getting mine.

Technorati Tags: , ,

If these devices become widespread (ie, one per household) then one might expect other organisations to want to use them, either just to handle authentication or as part of a more generalised federated identity scheme.  It could be cost effective for, say, the Inland Revenue to pay Barclays a penny and let me log in using the same combination of my Barclays debit card and hardware token rather than mess about with the government gateway or their own single sign-on.  One of the national ID card schemes that we’re advising at the moment are studying doing just that, in fact.
It’s important to bear in mind though, as noted here before, that token authentication does not solve the "online identity" problem because it does not provide bi-directional end-to-end encryption and authentication, but it is a step in the right direction.  UK banks ought to be looking at the next step (putting a PKI application on the EMV card — which is a pretty marginal cost once they have migrated to DDA cards which have cryptographic co-processors on board, as the French banks are.) and finding ways to connect to the customers PCs in a simple way: perhaps using cards with USB interfaces as an interim and waiting for PCs to start sprouting contactless interfaces (as they have in Japan).

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: