Why are U.S. banks so slow to roll out hardware security tokens (one-time code devices) for login authentication?
Banking
Asked by Question Bot05/Jul/20141 answer
1 Answer
F
Faisal Khan
Answered 05/Jul/2014
Hardware security tokens are expensive. The US is not the only country that is slow in providing hardware based token for 2FA (Two Factor Authentication). With over 8,000+ Banks in the US, the task becomes inherently more expensive, especially when customers are not willing to pay for such tokens. A typical hardware token based on a 3-year period costs the bank almost US$ 100-$125 per customer (when fully implemented, cost of hardware device, servers, support, marketing, postage, etc.)
Most financial institutions are now slowly gravitating towards the mobile phone as a secondary mechanism for online authentication. Whilst many see the SMS based alerts for 2FA as a great solution (read: cheap), what is even more beneficial are solution providers like Google Authenticator or Authy.
CIOs/CTOs are aware of such alternatives, but somehow are biased when it comes to a single-vendor implementation. Personally, I feel, a customer should have the option to choose, SMS-Phone based 2FA, Google Authenticator or Authy. Let the customer decide.
Most financial institutions are now slowly gravitating towards the mobile phone as a secondary mechanism for online authentication. Whilst many see the SMS based alerts for 2FA as a great solution (read: cheap), what is even more beneficial are solution providers like Google Authenticator or Authy.
CIOs/CTOs are aware of such alternatives, but somehow are biased when it comes to a single-vendor implementation. Personally, I feel, a customer should have the option to choose, SMS-Phone based 2FA, Google Authenticator or Authy. Let the customer decide.