Microsoft's answer to phishing: Two IDs

By Dan Ilett, ZDNet
Thursday, November 18, 2004 12:09 PM

Banks are looking to bring down the number of phishing attacks by adopting two-factor authentication, which would require people to produce two forms of identification, Microsoft said on Tuesday.

The software giant's chief security strategist, Scott Charney, said that companies had failed to adopt the technology as fast as he would have liked.

"We haven't had as much adoption as you would hope for," Charney said at the Microsoft IT Forum in Copenhagen. "A lot of solutions for two-factor authentication are for enterprise spaces. If you get two-factor authentication to the consumer level, you reduce the phishing threat."

Phishing attacks are identity theft e-mails that are written to look as if they were sent from legitimate organizations. Companies such as eBay and PayPal, and some banks have seen their customers targeted by the fraudsters behind such scams.

Phishing fraud has cost U.S. consumers US$500 million, according to a recent survey sponsored by Truste, a nonprofit privacy group, and NACHA, an electronic payments association.

"Banks are looking at (two-factor authentication)," Charney added. "The real issue is the consumer acceptance. This kind of security when implemented is not often viewed as friendly. There is a challenge in how you communicate this."

Earlier this month Howard Schmidt, former cybersecurity advisor to the White House, called for companies to implement two-factor authentication. He said that the technology was already available and that people had to supply more credentials for Internet transactions.

But the U.K.'s Association for Payment Clearing Services (APACS), which represents the banking industry, said on Wednesday that no decisions have been taken to go ahead with two-factor authentication, despite the rise in phishing attacks.

"The fact is, it's a massive undertaking," said Tom Salmond, a managing consultant in the e-banking fraud liaison group at APACS. "It's under active consideration, but no decisions have been made at this time."

Richard Clarke, another former cybersecurity advisor to the White House, said earlier this month that online banking transactions cost just half of 1 percent of the cost of a physical transaction.

0

0 votes

Save to My Library

Talkback 0 comments

There are currently no comments for this post.

Reply to story

Related Whitepapers

Featured Whitepapers

Tech Jobs Now!

TechGuides

Specials
News and Interviews
Whiteboard

UOB banks on economic downturn
Singapore bank's IT chief Susan Hwee explains how financial crisis offers new opportunities to reengineer
Play video
Domino's Pizza keeps customers eating
CEO Don Meij discusses strategy to grow customer base
Play video

Salesforce CEO chatters about new social media platform
Facebook-type app hits the enterprise
Play video
Salesforce demos Service Cloud 2
New Web-based tools for customer service
Play video

Cost Effective, Secure and HA Server Infrastructure for SMBs
Alan Wan from Dell illustrates how small and medium businesses can build a high availability IT infrastructure without requiring heavy investments on skills and resources.
Play video
Enterprise 2.0
Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
Play video