Barclays Bank Fights Back Against Phishing Scams

Barclays is sending out free handheld chip and PIN card readers to customers, who will use the devices when they access their online bank accounts to set up payments to third parties.

Sharon Gaudin, Contributor

April 18, 2007


A major international bank took a swing at phishers and hackers Wednesday when it announced that it will issue handheld identity authentication devices to half a million of its online banking customers this year.

Barclays PLC, which is based in the U.K. but operates in more than 50 countries, is sending out free handheld chip and PIN card readers to its customers, who will use the devices when they access their online bank accounts to set up payments to third parties, according to a release. The readers will replace users' passwords, since they are used with the customer's normal debit cards and PIN codes, to authenticate their identity at login and for making payments.

Using the devices is another step in Barclays' efforts to combat phishers and make online banking safer.

Last year, the bank offered free anti-virus software, as well as a text message confirmation service, to online customers, according to the bank's notice.

Graham Cluley, a senior technology consultant for U.K.-based Sophos, told InformationWeek that this is a great step for Barclays to be taking, but it needs to be one in a series of many upcoming steps to really fend off phishers and hackers.

"I think Barclays would acknowledge that this is just the beginning of the process," said Cluley. "In time, they are likely to use these devices more and share them with more customers. At the moment, they are only asking consumers to use the device when they try and send money to someone new online."

Cluley noted that for the approach to be really useful, more financial institutions and organizations will have to adopt similar technology.

"The device that Barclays is planning to distribute will only benefit Barclays customers," he added. "It can't be used on other sites like eBay, PayPal, Amazon, etc. That's one reason why this kind of approach is ultimately not a long-term answer, as consumers may have to use multiple devices to better protect themselves when accessing a wide range of Web sites. It would be better if all of the banks and online stores could agree on a common technology for authentication and use it in unison."

Barclays customers will be required to use the handheld 'PINsentry' device to generate a one-time, eight-digit passcode that will have to be entered alongside their regular login information when setting up online transactions to new accounts. The device will only generate a passcode once the user's bank card has been swiped through it and the PIN code has been entered. After two minutes the passcode expires.

Spyware is malicious code that often lies dormant in the background on infected computers, waiting for users to visit legitimate online stores or banking Web sites, explains Sophos. Once the malware notices the computer is visiting an online bank, it captures passwords by logging keystrokes and taking screenshots. This stolen information is then relayed to remote hackers who can use it to break into the users' bank accounts and steal their money.

"Including two-factor authentication into the online banking process is definitely an improvement in security," said Cluley. "Keyboard logging, spyware, and phishing e-mails, which try to steal your login information, just won't be effective as your passcode keeps changing. This will help make life harder for the bad guys who are trying to break into your account."
