About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion





  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.


Barclays to tighten online banking security

By davebirch posted Aug 21 2006 at 10:04 PM

[Dave Birch] Barclays Bank is going to issue hand-held chip card readers to all of its 1.6 million active online banking customers to tighten security and combat identity theft.  The calculator-sized two-factor authentication devices will be distributed throughout 2007.  They will be based on reader specifications developed by the banking industry body APACS.  As a Barclays customer for nearly three decades, I'm looking forward to getting mine.


If these devices become widespread (i.e., one per household) then one might expect other organisations to want to use them, either just to handle authentication or as part of a more generalised federated identity scheme. It could be cost effective for, say, the Inland Revenue to pay Barclays a penny and let me log in using the same combination of my Barclays debit card and hardware token rather than mess about with the Government Gateway or their own single sign-on. One of the national ID card schemes that we're advising at the moment is studying doing just that, in fact.

It's important to bear in mind though, as noted here before, that token authentication does not solve the "online identity" problem because it does not provide bi-directional end-to-end encryption and authentication, but it is a step in the right direction. UK banks ought to be looking at the next step (putting a PKI application on the EMV card, which is a pretty marginal cost once they have migrated to DDA cards, which have cryptographic co-processors on board, as the French banks are) and finding ways to connect to customers' PCs in a simple way, perhaps using cards with USB interfaces as an interim and waiting for PCs to start sprouting contactless interfaces (as they have in Japan).

