The UK's banks are expected to agree a common industry standard for two-factor authentication of online transactions next month in a bid to cut card-not-present fraud and losses from phishing scams.
Card-not-present fraud in the UK rose 24% last year to £150.8m, making it the biggest category of fraud, while direct fraud losses from online phishing scams reached £12m in 2004, according to stats from UK payment association Apacs.
Jemma Smith, communications manager at Apacs, told Finextra that a technical specification for two-factor devices should be agreed in May. Banks are then expected to begin distributing authentication devices to online customers in the next nine to 12 months.
Smith says the standard, based on a technical specification developed by Visa and MasterCard, will be adapted for domestic use, in the same way that the Chip and PIN standard was adapted.
In March Barclaycard said it was in talks with UK retailers about plans to roll out pocket-sized card authentication device for customers to use when shopping online. Customers are prompted to insert their card into the reader and enter their four-digit PIN code when shopping online. The reader then generates a unique password for entry on a Web form.
A recent report released by analyst house Forrester Research found that just 30% of Web users are confident of the security of financial data when used to make transactions online. Forrester urged banks to adopt two-factor authentication in order to increase customer confidence in online channels.
Earlier this month HSBC COO Alan Jebson admitted that phishing scams are damaging customer confidence in online services and said the bank was considering introducing three factor authentication which would include biometric verification.