A Finextra member 01 July, 2011, 14:12 0 likes

"Banks recognise that not all customers find using tokens convenient."

They don't seem to be doing much about it do they?... 

Online Banking Card Readers: no more room in the suitcase

In addition, how do you think FFIEC now view the security STRENGTH of tokens in light of the RSA breach ? Personally I can't see how 'guidelines' can really work in today's turbulent times for the banking sector - hence, I tend to concur.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 04 July, 2011, 12:35 0 likes

More than five years after the release of the first set of FFIEC guidelines - which did mandate strong two-factor authentication - there are literally thousands of non-complying banks in the USA, as can be witnessed by the long list of banks that can be linked to Mint because they don't support 2FA. By keeping silent about strong authentication now, FFIEC seems to have decided not to bother coming up with guidelines that are observed more in the breach. 

Nick Collin - Collin Consulting Ltd - London 06 July, 2011, 10:47 0 likes

Completely agree with you Steve - strong two-factor authentication based on something I own and something I know must surely be the standard for all remote financial transactions.  There's a lively discussion going on on this subject at http://lnkd.in/_Pxvpy if you're interested.

A Finextra member 06 July, 2011, 12:02 0 likes

Thanks for pointing me to that link Nick.  Off the topic of this post, but I would also like to see my CAP/DPA reader and card securing my 3-D secure on-line transaction. It's completely technically possible as (if I remember correctly) CAP is already part of the 3-D secure stack. However, we are unlikely to see it implemented for fear of it discouraging shopping on sites that use it. Meanwhile, as you point out, on-line shoppers are voting with their feet and migrating to other on-line payments that are perceived to be more secure.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 06 July, 2011, 14:27 0 likes

@Steve B: 

"...on-line shoppers are voting with their feet and migrating to other on-line payments that are perceived to be more secure".

In the USA, which is where FFIEC is applicable, I'm a bit curious to know more about such alternatives, their market shares and the basis of the "fear of it discouraging shopping on sites that use it".

A Finextra member 06 July, 2011, 14:56 0 likes

This is all off-topic from the original post. However...

If you follow Nick's link, he has some good stats on how PayPal is growing its share of on line shopping payments. So PayPal is the most prominent alternative.

The argument put forward about putting anything extra between selecting goods and making the payment is that it may discourage shoppers from completing their purchase and they may visit another site instead that does not have extra steps to get their goods. Adding CAP readers to authenticate a payment falls into this category.  I am not supporting or refuting this argument here, merely replaying it for you.