Monday, August 15, 2011

How crypto is being used in banking

Traditional banking security is dependent on well-designed cryptographic equipment. These devices are hosted in ATM's, Pinpad in branches and retail infrastructure. The crypto codes generated on these devices during transactions are evaluated within the host systems by tamper-proof hardware security modules. The whole banking system was designed and built on robust cryptography (almost impossible to breach).

That was the case until online banking arrived. Consumers now interact with banking systems via the Internet with no cryptographic devices involved. The cost of these devices, the integration with online systems, lack of standards and complexity in the distribution are barriers to making this a standard component in online banking. Some of these barriers are aggressively being attacked and some progress has been seen lately:

HSBC use a on-time password for business users to secure online transacting. This crypto security device is available to customers in all countries. (Read here).
Bank of America offer a device to their customers producing one time passwords, called Safepass. (Read here).
This technology was released by Visa recently with the brand name Codesure. (Read here). The question is how readily will it be distributed and could this lead to more secure online banking.

It is also important to think of the implications for mobile banking.

No comments: