Finally, a major player in the world of web security has gone on the record stating what I have stated on this blog since Day One.
Eugene Kaspersky: introduce ID system for all Internet users
According to an interview conducted by PC Authority, Eugene Kaspersky is advocating the use of hardware confirmation, known better as 'hardware IDs', for Internet banking, saying that some Baltic countries and some British banks already have them in use today. (Editor's Note: 29 out of 100 Europeans use a card reader for online banking)
"They need to have these hardware IDs for everyone," Kaspersky says, calling for mass adoption of peripheral card readers for all internet banking users. The idea sounds simple, but the setup could be "costly" for banks.
Editor's Note: "Costly" is relative. How costly is fraud? How costly are the measures used to combat phishing? How costly is it to lose the trust of consumers? How costly is each customer they lose? How much do attorneys cost to defend cases such as PlainsCapital vs. Hillary Machinery? How costly are promotional programs that give away $100 to open an online banking account? I guarantee you that at the end of the day, issuing a card reader costs exponentially less. In addition, the card reader can be branded with the bank's name and creates recurring revenue for the bank in the form of interchange. (Each transaction conducted with our device earns the bank revenue they are NOT earning using the antiquated username/password fiasco.)
The writing is on the wall. Online banking is dangerous and the only way to securely authenticate the online banking customer is to replicate the same process used by banks to disburse funds from ATMs. Swipe your bank-issued card and enter your bank-issued PIN into a bank-issued card reader. Based on the fact that HomeATM manufactures the ONLY PCI 2.0 Certified PIN Entry Device designed specifically for online banking, eCommerce and mCommerce, the decision on who to use becomes easy.
Kaspersky envisions a world where many of us, whether we like it or not, will use ID card readers as a type of digital passport.
The idea behind these devices is that physical counter-measures are much harder for a cyber criminal to infiltrate. "Banks could be big drivers of this kind of hardware", says Kaspersky. In Australia, hardware tokens have been introduced in the past by some banks as a security measure.