News

10:39 AM
Connect Directly
Facebook
Twitter
Google+
RSS
E-Mail
50%
50%

Cyber Security: HSBC Offers Two-Factor Online Authentication

HSBC will begin offering additional online authentication in the wake of increasing attention on security after the retailer data breaches.

With public awareness of cyber security threats on the rise, HSBC will begin offering two-factor authentication for online banking next quarter, says LuAnne Kingston, HSBC’s head of direct banking. The HSBC Security Device, available both as a small hardware device and as a mobile app download, will give online banking customers a unique code they will enter each time they log in.

“The [online authentication] credentials that many companies are using now can easily be defeated by fraudsters,” Kingston notes. “This is why we’re taking a multi-layered approach.”

Recent headlines around major data breaches have generated greater public interest in online security, changing the way customers view security versus convenience in their online transactions, Kingston adds.

[For More on Recent Security News: Breaking Down the Impact of the Target Breach]

“There is a lot of awareness now in the public [about cyber security]… and I think customers are more willing now to give up some convenience for security. And for some customers who may be worried about security, this [two-factor authentication] will help them feel more safe online,” she explains.

The HSBC Security device will provide additional protection for customers, but it is also increasingly important for customers to educate themselves and participate in securing their online identity and activities, Kingston says. She describes online security as a partnership between the customer and the bank, and says that HSBC provides a a number of free educational resources concerning cyber security on its website. The bank also has call center agents that can answer customers’ inquiries about security-related topics and provides free downloads of Trusteer’s anti-malware program on its website, Kingston reports.

HSBC has also provided additional info on its website about the HSBC Security Device for its customers, Kingston adds. “We’ve launched the security device in other countries, and we know customers are interested in this and will adopt this… this is an important step for us in trying to stay one step ahead [of fraudsters].”

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Nathan Golia
50%
50%
Nathan Golia,
User Rank: Author
2/27/2014 | 9:48:42 PM
re: Cyber Security: HSBC Offers Two-Factor Online Authentication
Cool. We aren't seeing it in insurance yet but certainly some of the providers of high value life& annuities products should be exploring this strategy. Could also be offered as an option for interested parties in P&C or any other insurance line as well.
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
2/25/2014 | 2:10:28 PM
re: Cyber Security: HSBC Offers Two-Factor Online Authentication
Yes, i've been offered 2 factor authentication many times by various providers, but I rarely have set it up. But following the recent hacks, i've started to do so.
M_Gordon
50%
50%
M_Gordon,
User Rank: Apprentice
2/24/2014 | 9:23:56 PM
re: Cyber Security: HSBC Offers Two-Factor Online Authentication
The user experience does not have to be disrupted if the right two-factor authentication is in place. This solution also seems to be in-band which is still vulnerable to man in the middle attacks (MITM). I wonder which security service HSBC is using to offer their customers this service. I have seen ONLY ONE out of band 2fa solution (which defeats MITM) that isn't annoying to use called Toopher. I don't think enough people are aware of this solution or else it would be taken advantage of much more. Right now the only place I can use Toopher is through LastPass (my password manager.) Toopher does 2fa right by not interrupting the user every time they try to login. I have said it a million times and will keep saying it until I see Toopher offered in more places... it's the future of 2fa and it's time people start realizing that! I am just a security enthusiast who takes my online security seriously... if I can find such a great solution like Toopher, then why aren't other companies doing their research to find them too?
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
2/24/2014 | 9:09:01 PM
re: Cyber Security: HSBC Offers Two-Factor Online Authentication
I think a lot of people who have had their cards replaced after the Target breach probably feel the same way.
Kelly22
50%
50%
Kelly22,
User Rank: Author
2/24/2014 | 7:09:27 PM
re: Cyber Security: HSBC Offers Two-Factor Online Authentication
I used to dismiss Gmail's two-factor authentication, but after getting my account hacked I'm setting it up. It's definitely something everyone should have.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
2/24/2014 | 5:42:49 PM
re: Cyber Security: HSBC Offers Two-Factor Online Authentication
Yeah I think the prevailing wisdom was that customers wouldn't bother taking the extra step. But it seems some think that they will now after the data breaches. I guess there's opportunity here for those willing to act on it.
Byurcan
50%
50%
Byurcan,
User Rank: Author
2/24/2014 | 4:10:02 PM
re: Cyber Security: HSBC Offers Two-Factor Online Authentication
This is definitely a good move. Two-factor authentication is ideal in any online security environment. I attended a Google event in 2011 where one of their gmail people said they recommend two-factor authentication to every user, though few actually use it.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.