We’re seeing more of this. Lloyds Bank is going to trial 30,000 security tokens with its banking customers.
This quote from the article caught my eye:
The bank says it is guaranteeing that they will not suffer from losses even if their PCs are compromised, as long as they have not – for instance – given their password away intentionally.
This stance contrasts with warnings from some other banks – notably HSBC – that in future customers could be held responsible if they do not keep security up to date on their machines.
Oh, umm, if that’s true (and I haven’t been able to verify it), that’s rather off-putting and sure to keep people away from online banking. Doesn’t online banking actually save banks money, with the added benefit of not having the Great Unwashed standing in line at the teller? Hmmm?
The banks are very much part of the security equation and relying on Grandma to make sure she stays up-to-date on her security patches is a bit ridiculous. Something as simple and inexpensive as a token goes a long way toward good security practice.