Barclays Bank Fights Back Against Phishing Scams 2

Barclays is sending out free handheld chip and PIN card readers to customers, who will use the devices when they access their online bank accounts to set up payments to third parties.
A major international bank aimed at phishers and hackers last week with a plan to issue hand-held identity authentication devices to a half million of its online banking customers this year.

Barclays, which is based in the United Kingdom but operates in more than 50 countries, is sending the free card readers to its customers, who will have to use the devices when accessing their online bank accounts to set up payments to new recipients.

Phishing fighter

Phishing fighter
The readers will replace users' passwords. Barclays customers will swipe their card through the PINsentry device, then enter their PIN, and the device generates a one-time, eight-digit passcode to enter alongside their logon.

Barclays is trying to stop scams in which crooks steal accounts and passwords using spyware or phishing scams and then use ill-gotten information to steal the victim's identity and rob their accounts. These device-generated passwords expire in two minutes, so even if a keylogger picked up one it would most likely have expired by the time the hacker got his hands on it. Barclays last year also offered free antivirus software in hopes of stopping the spyware often used in such scams, plus a service that sends text messages to confirm transactions.

To be really useful, though, more banks and organizations like PayPal and Amazon will have to adopt similar technology, says Graham Cluley, a senior technology consultant for security company Sophos. "Consumers may have to use multiple devices to better protect themselves when accessing a wide range of Web sites," he says.

Will customers accept the devices? Other banks use more portable authentication such as key-chain-sized one-time password generators. Since Barclays' units are only required to add new payees, mobility might not be a major concern.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing