--- begin forwarded text
Delivered-To: [EMAIL PROTECTED]
Date: Fri, 14 Oct 2005 10:44:32 -0400
To: Philodox Clips List <[EMAIL PROTECTED]>
From: "R.A. Hettinga" <[EMAIL PROTECTED]>
Subject: [Clips] Lloyds steps up online security (SecureID)
Reply-To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

<http://news.bbc.co.uk/1/low/business/4340898.stm>

The BBC

Friday, 14 October 2005, 10:46 GMT 11:46 UK

Lloyds steps up online security

Lloyds TSB is to trial a new security system for online banking customers, in an attempt to beat internet fraud.

About 30,000 customers will receive keyring-sized security devices, which generate a six-digit code to be used alongside usernames and passwords.

The code, which changes every 30 seconds, could help fight fraudsters who hack people's PCs or use "phishing" emails to steal login details.

Similar systems are already in use in Asia, Scandinavia and Australia.

Password sniffers

Until now, Lloyds TSB has used a two-stage system for identifying its customers.

First, users must enter a username and password. Then, on a second screen, they are asked to use drop-down menus to choose three letters from a self-chosen memorable piece of information.

The aim of using menus rather than the keyboard has been to defeat so-called "keyloggers", tiny bits of software which can be used by hackers who have breached a PC's security to read every key pressed and thus sniff out passwords.

"There's no hiding the fact that fraud is on the increase"
Matthew Timms, Lloyds TSB

But newer keyloggers now also take screenshots, which can reveal the entire memorable word after the bank's website has been used just a few times.

Alternatively, fraudsters use "phishing" emails, which tempt customers to log onto a fake banking website and enter their details.

Lloyds says that about £12m was lost to this kind of scam in 2004 - but it warns that attacks are multiplying fast.

One-time deal

The bank says it is guaranteeing that they will not suffer from losses even if their PCs are compromised, as long as they have not - for instance - given their password away intentionally.

This stance contrasts with warnings from some other banks - notably HSBC - that in future customers could be held responsible if they do not keep security up to date on their machines.

But Lloyds also hopes that its trial system could effectively toughen up customer access - regardless of the state of their computer.

The customers testing Lloyds TSB's new system will press a button on their device to generate a new six-digit number every time they log on.

They will do the same every time they need to confirm a transaction, instead of simply repeating their password.

Lloyds TSB hopes the move will mean keyloggers and phishing emails will not have time to use any details they collect.

"Fraudsters are becoming increasingly cunning with their tactics, and there's no hiding the fact that fraud is on the increase," said Matthew Timms, Lloyds TSB's internet banking director.

Other banks are trying different devices, and Mr Timms acknowledged that the keyring-style token would probably not be the final format.

"The journey we're on will probably end up as a card which can do both internet banking and card-not-present (credit card) transactions," he said.

--
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

--- end forwarded text