HSBC fights Internet crime with new password security device

HSBC is embarking the largest ever roll-out of online security devices for UK businesses. From May, password tokens are being sent to each of its 180,000 Business Internet Banking customers across the country. Distributed free of charge, the portable tokens generate a frequently changing single use security code which customers use alongside their User ID and Password to make online banking transactions. The key-ring sized device offers a significant additional line of defence against the growing risks from online fraud such as phishing, keylogger trojans, remote hacking and screen capturing.

HSBCís shift to two factor authentication - where a customer is verified by something they know and something they have - comes at a time of increasing concern amongst all banks about the growth and sophistication of internet-related crime. Todayís announcement is unique in the UK as, unlike other financial institutions, HSBCís Business Internet Banking customers will be the only ones in Britain to access their accounts using something in their physical possession that cannot be shared or interchanged amongst users. As each token is linked to an individual userís profile it is also of no use to a criminal if lost or stolen.

Simon Wainwright, Head of Business Banking at HSBC said: ìTodayís announcement will enable us to stay one step ahead of the fraudsters. Our experience in other parts of the world shows that this kind of two factor authentication is an extremely useful weapon in the fight against internet crime and we would urge other banks in the UK to seriously consider following our lead.î

In addition to providing an extra level of security, HSBCís new security device also offers increased flexibility. As business customers will no longer be tied to digital certificates they now have the freedom to access an account from an internet-enabled computer anywhere in the world. As soon as a customer activates the security device, their digital certificates will no longer be required. Migration will be phased in over the next 12 weeks and activation is a short, simple one-off process.

The roll-out is part of a global initiative. Customer feedback from other parts of the world, such as the US and Hong Kong, where the tokens have been used for some time has been very positive and they have proved highly successful in reducing online fraud.