David Fraser points to a Reuters article noting that U.S. banking regulators have told U.S. banks to use two-factor authentication for online banking by the end of 2006:
“Single-factor authentication, as the only control mechanism, (is) inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties,” the council said.
In such cases, banks will be expected to require at least two forms of authentication. The second form can include such things as tokens that generate unique numeric passwords every 60 seconds, smart cards that people insert into computers, or biometrics that can identify fingerprints or handwriting.
“Online banking account hijacking is the fastest-growing form of identity theft we monitor,” said Michael Jackson, associate director of technology supervision at the Federal Deposit Insurance Corp., in an interview. “Regulators want to get in front of the problem rather than be reactive.”
