CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Security

Microsoft's answer to phishing: Two IDs

Banks aren't moving fast enough on requiring online customers to provide two forms of ID, the company says.

Banks are looking to bring down the number of phishing attacks by adopting two-factor authentication, which would require people to produce two forms of identification, Microsoft said on Tuesday.

The software giant's chief security strategist, Scott Charney, said that companies had failed to adopt the technology as fast as he would have liked.

"We haven't had as much adoption as you would hope for," Charney said at the Microsoft IT Forum in Copenhagen. "A lot of solutions for two-factor authentication are for enterprise spaces. If you get two-factor authentication to the consumer level, you reduce the phishing threat."

Phishing attacks are identity theft e-mails that are written to look as if they were sent from legitimate organizations. Companies such as eBay and PayPal, and some banks have seen their customers targeted by the fraudsters behind such scams.

Phishing fraud has cost U.S. consumers $500 million, according to a recent survey sponsored by Truste, a nonprofit privacy group, and NACHA, an electronic payments association.

"Banks are looking at (two-factor authentication)," Charney added. "The real issue is the consumer acceptance. This kind of security when implemented is not often viewed as friendly. There is a challenge in how you communicate this."

Earlier this month Howard Schmidt, former cybersecurity advisor to the White House, called for companies to implement two-factor authentication. He said that the technology was already available and that people had to supply more credentials for Internet transactions.

But the United Kingdom's Association for Payment Clearing Services (APACS), which represents the banking industry, said on Wednesday that no decisions have been taken to go ahead with two-factor authentication, despite the rise in phishing attacks.

"The fact is, it's a massive undertaking," said Tom Salmond, a managing consultant in the e-banking fraud liaison group at APACS. "It's under active consideration, but no decisions have been made at this time."

Richard Clarke, another former cybersecurity advisor to the White House, said earlier this month that online banking transactions cost just half of 1 percent of the cost of a physical transaction.