A wee birdy tells me that a major UK bank is nearly ready to begin (I know, lots of hedging in there - maybe it was a dunnock) rolling out its EMV card-based 2-factor solution for online banking.
This will provide strong cryptographic security that a person with the customer's card and knowledge of their password was involved in authorising the transaction - so preventing session hijacking. I got a small play with the beta version (as part of a customer usability trial) and it seemed to work reasonably well at providing you with enough information to prevent transaction hijacking (one of the difficulties here as compared to traditional challenge - response systems.) Hopefully, you will at least be given the option to use this for log-on (I do not believe that you will be required to do that.)
Of course, this provides no protection against data leakage from transactions proxied through a man-in-the-middle site or recorded by malware infection of the workstation you are using but it is a damn good start.
More when I get my kit, assuming I am in one of the "early-adopter" pools.
S-E
When Is An Acquittal Not An Acquittal?
19 hours ago
No comments:
Post a Comment