Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:30 PM
Connect Directly

Barclays Bank Fights Back Against Phishing Scams

Barclays is sending out free handheld chip and PIN card readers to customers, who will use the devices when they access their online bank accounts to set up payments to third parties.

A major international bank aimed at phishers and hackers last week with a plan to issue hand-held identity authentication devices to a half million of its online banking customers this year.

Barclays, which is based in the United Kingdom but operates in more than 50 countries, is sending the free card readers to its customers, who will have to use the devices when accessing their online bank accounts to set up payments to new recipients.

Phishing fighter

Phishing fighter
The readers will replace users' passwords. Barclays customers will swipe their card through the PINsentry device, then enter their PIN, and the device generates a one-time, eight-digit passcode to enter alongside their logon.

Barclays is trying to stop scams in which crooks steal accounts and passwords using spyware or phishing scams and then use ill-gotten information to steal the victim's identity and rob their accounts. These device-generated passwords expire in two minutes, so even if a keylogger picked up one it would most likely have expired by the time the hacker got his hands on it. Barclays last year also offered free antivirus software in hopes of stopping the spyware often used in such scams, plus a service that sends text messages to confirm transactions.

To be really useful, though, more banks and organizations like PayPal and Amazon will have to adopt similar technology, says Graham Cluley, a senior technology consultant for security company Sophos. "Consumers may have to use multiple devices to better protect themselves when accessing a wide range of Web sites," he says.

Will customers accept the devices? Other banks use more portable authentication such as key-chain-sized one-time password generators. Since Barclays' units are only required to add new payees, mobility might not be a major concern.

Register for Wall Street & Technology Newsletters
Exclusive: Inside the GETCO Execution Services Trading Floor
Exclusive: Inside the GETCO Execution Services Trading Floor
Advanced Trading takes you on an exclusive tour of the New York trading floor of GETCO Execution Services, the solutions arm of GETCO.