24 November 2014

Bank of America moves to two-factor authentication

17 February 2005  |  14929 views  |  0 Bank of America Sign

Bank of America is working with digital security firm VeriSign to introduce strong two-factor authentication across its network.

The west coast bank is to use the VeriSign Unified Authentication platform to issue tokens for secure communications and transactions across the enterprise. The first tokens will be used for internal applications and corporate clients with particular security requirements.

The VeriSign platform provides a mechanism for managing all types of two-factor authentication credentials, including tokens and smartcards, and is designed to sit within an organisation's existing directory and identity management architecture.

Rhonda MacLean, corporate information security executive at Bank of America, says VeriSign's commitment to open standards was key to the deal, giving the bank the flexibility to keep improving security in the future.

"The financial services industry is moving quickly towards strong authentication," says MacLean. "Strong, two-factor authentication will clearly be an increasingly important component of our security strategy, and we believe open standards will create the co-operation and strong partnerships we need to protect our networks and information today - and tomorrow."

Bank of America is currently embroiled in a legal challenge from a Miami businessman over $90,000 he says was stolen from his online banking account by Latvian cybercriminals. He says the thieves authorised a wire transfer out of his account using access credentials sniffed out by a Trojan keylogging device on his infected PC.

The case highlights growing consumer concerns over the security of online business. A recent consumer study conducted by RSA Security found that 53% of respondents have little faith in traditional user ID/password security schemes. In fact, 21% of respondents refused to conduct business online with their financial institutions due to security fears.

RSA released the results as it announced plans to introduce a pilot consumer authentication service in the second half of 2005 that it will run on behalf of enterprise clients. Initially, the service will support various form factors for RSA's one-time password (OTP) technology, such as SecurID tokens and smart cards. The vendor - which pre-announced the initiative in an effort to pick up on US bank interest in two-factor authentication - has yet to explain how the service will interoperate with competing managed service offerings.

In December, The Federal Deposit Insurance Corporation urged US banks to abandon single password-based ID systems in favour of two-factor authentication following a sharp rise in 'account hijacking' ID theft.

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

16 February, 2005
07 February, 2005
04 February, 2005
11 January, 2005
07 January, 2005
04 January, 2005
17 December, 2004
15 December, 2004
14 December, 2004

Related company news

 

Featured job

Basic £130-140K OTE £250K (no ceiling)
London based and across EMEA

Find your next job