--- begin forwarded text

 Delivered-To: [EMAIL PROTECTED]
 Date: Fri, 14 Oct 2005 10:44:32 -0400
 To: Philodox Clips List <[EMAIL PROTECTED]>
 From: "R.A. Hettinga" <[EMAIL PROTECTED]>
 Subject: [Clips] Lloyds steps up online security (SecureID)
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 <http://news.bbc.co.uk/1/low/business/4340898.stm>

 The BBC

 Friday, 14 October 2005, 10:46 GMT 11:46 UK

 Lloyds steps up online security

 Lloyds TSB is to trial a new security system for online banking customers,
 in an attempt to beat internet fraud.

 About 30,000 customers will receive keyring-sized security devices, which
 generate a six-digit code to be used alongside usernames and passwords.

 The code, which changes every 30 seconds, could help fight fraudsters who
 hack people's PCs or use "phishing" emails to steal login details.

 Similar systems are already in use in Asia, Scandinavia and Australia.

 Password sniffers

 Until now, Lloyds TSB has used a two-stage system for identifying its
 customers.

 First, users must enter a username and password. Then, on a second screen,
 they are asked to use drop-down menus to choose three letters from a
 self-chosen memorable piece of information.

 The aim of using menus rather than the keyboard has been to defeat
 so-called "keyloggers", tiny bits of software which can be used by hackers
 who have breached a PC's security to read every key pressed and thus sniff
 out passwords.

  "There's no hiding the fact that fraud is on the increase"
 Matthew Timms, Lloyds TSB


 But newer keyloggers now also take screenshots, which can reveal the entire
 memorable word after the bank's website has been used just a few times.

 Alternatively, fraudsters use "phishing" emails, which tempt customers to
 log onto a fake banking website and enter their details.

 Lloyds says that about £12m was lost to this kind of scam in 2004 - but it
 warns that attacks are multiplying fast.

 One-time deal

 The bank says it is guaranteeing that they will not suffer from losses even
 if their PCs are compromised, as long as they have not - for instance -
 given their password away intentionally.

 This stance contrasts with warnings from some other banks - notably HSBC -
 that in future customers could be held responsible if they do not keep
 security up to date on their machines.

 But Lloyds also hopes that its trial system could effectively toughen up
 customer access - regardless of the state of their computer.

 The customers testing Lloyds TSB's new system will press a button on their
 device to generate a new six-digit number every time they log on.

 They will do the same every time they need to confirm a transaction,
 instead of simply repeating their password.

 Lloyds TSB hopes the move will mean keyloggers and phishing emails will not
 have time to use any details they collect.

 "Fraudsters are becoming increasingly cunning with their tactics, and
 there's no hiding the fact that fraud is on the increase," said Matthew
 Timms, Lloyds TSB's internet banking director.

 Other banks are trying different devices, and Mr Timms acknowledged that
 the keyring-style token would probably not be the final format.

 "The journey we're on will probably end up as a card which can do both
 internet banking and card-not-present (credit card) transactions," he said.



 --
 -----------------
 R. A. Hettinga <mailto: [EMAIL PROTECTED]>
 The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
 44 Farquhar Street, Boston, MA 02131 USA
 "... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 _______________________________________________
 Clips mailing list
 [EMAIL PROTECTED]
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to