HSBC says “No” to PayPal style security keys

by Chris Dawson

This post was written in September 2007; specific information contained within it may be out of date.

PayPal have yet to roll out the PayPal security key worldwide - I picked up mine in Boston at eBay Live! but am still unable to use it in the UK. Now it appears that the two factor authentication (something you know and something you have) may not give the security that was promised.

I wrote about my concerns back in January of this year: two factor authentication was never designed for use on the Internet. Today I’m joined in regarding two factor authentication as flawed by the HSBC Bank.

HSBC have chosen to use what’s known as an out-of-band security solution. Instead of relying on computers and passwords (even if generated by a security key) they will utilise the user’s mobile phone and a PIN number to authenticate their customers.

The weakness of two-factor authentication is that the PC used to access the bank’s site may be commandeered by hackers.

“Two-factor is not bulletproof - the PC may be compromised and it makes no sense to us to feed information into a compromised channel”
HSBC personal internet banking manager Nick Staib

HSBC and eBay.co.uk both sponsor the Get Safe Online campaign backed by the government. If HSBC are questioning the efficacy of security keys for online financial applications it may be time to look for new solutions.

Two factor authentication with the PayPal security key would be a welcome bump to online safety in the UK. The big question is, by the time it’s introduced, will the PayPal security key be redundant?

Comments

One Response to “HSBC says “No” to PayPal style security keys”

  1. eBay under attack from hackers : TameBay on September 10th, 2007 7:30 pm

    [...] The long awaited PayPal security key (which is available in the US) would go a long way towards addressing account takeovers and leave attacks such as the current one useless. Even one time passwords from a security key are not the complete solution; it’s an ongoing battle that neither side can conclusively win. As companies like eBay put new defences in place hackers work to circumvent them. [...]
