The Bankwatch

Tracking the consumer evolution of financial services

Customers don’t want authentication devices | Abbey

Finally someone stated the blindingly obvious point that people do NOT want to carry separate devices. Banks need to provide the required security in other ways. I blogged about these devices last year, and have been amazed by the extent of deployment by European Banks, that could turn out to be wasted investment.

See here for my thoughts last year, and how two factor authentication is not well understood.

Finextra: Customers don’t want authentication devices, says Abbey

Despite continuing security concerns, two thirds of customers do not want their bank to provide chip and PIN-style authentication devices, according to UK high street bank Abbey.

The bank says a survey of 1000 of its own customers found that just one-in-three people (32%) want to be supplied with a security device to further secure online transactions.

Written by Colin Henderson

March 25, 2008 at 23:37

Posted in Security

3 Responses

Subscribe to comments with RSS.

  1. Colin, a slight correction if I may.

    To say that people do not want to carry around a token is a bit erroneous.

    Firstly, 68% of consumers don’t want a Chip and PIN token, which implies that 32% do.

    Secondly, the only token it appears they were shown was a Chip and PIN card reader similar to the one Barlcays and Natwest have issued.

    There are much better form factors around that do the same thing, such as the credit card form factor (a OTP token built into a credit card sized device, some of them can even do challange and response by the way).

    If I were Abbey I would worry about the 32% that did want added security and consider offering some kind of token. I would suggest that a smaller percentage than 68% would reject that.

    Mike Davies

    March 26, 2008 at 06:50

  2. Personally I’d neither want to carry/have a token nor another card.
    What’s wrong with the PIN / iTAN list combination?

    P2P-Banking.com

    March 26, 2008 at 08:44

  3. Personally, I think eTrade and BofA have done the right thing.

    To say nobody wants X is just painting with too broad a brush.

    Instead, let the consumer choose. eTrade lets you self-select upgrade to a token. BofA lets you does the same for an SMS delivered one-time-password.

    eTrade gets a double whammy benefit

    – for the people that don’t want tokens, they feel good because people like to know they have options

    -for the people who do want tokens, well, it means they understand things, are willing to put up with it, and probably choose eTrade because of it

    Lastly, http://www.bettermfa.com provides an out of the box way to support this idea of letting the customer choose the auth level they want.

    andrew taylor

    March 27, 2008 at 18:01


Comments are closed.

%d bloggers like this: