The UK's new Faster Payments Service (FPS) creates a strong business case for the immediate introduction of multi-factor authentication methods for transactions, says Thales e-Security.
The central Faster Payments infrastructure is being built by Immediate Payments Limited - a joint venture between payments processors Link and Voca - and will provide near real time payments processing for online and telephone banking transactions by November 2007. Standing orders will be processed on the same day, rather than the three days it currently takes.
But Thales e-Security argues that processing systems are not up to the challenge of receiving a payment instruction and adequately authenticating customers - and reversing payments for suspect transactions - within the 15 second transaction processing time limit.
Paul Meadowcroft, head of transaction security at Thales e-Security, says one of the unexpected knock-on effects of the FPS initiative is that "for the first time it provides a solid business case for investing in two-factor authentication right now".
"While always generally supportive of the benefits two-factor authentication can bring, especially in the battle to fight cardholder not present fraud, banks have lacked any immediate incentive," says Meadowcroft. "FPS fundamentally changes this as when it goes live in November 2007, the member banks will be instantly vulnerable."
Two-factor authentication will allow banks to manage authentication before the transaction is processed. By making the customers authenticate themselves using an unconnected smart card reader, the banks will have the identity confirmation required before the transaction is initiated.
Furthermore with the new Apacs CAP standard for two-factor authentication readers, banks can use a common platform that offers strong user identification within a cryptographically secure environment, says Meadowcroft.