Online banking security boost: Credit union shifts to two-factor authentication

Addison Avenue Federal Credit Union, based in Palo Alto, Calif., is taking steps to strengthen its online banking security by implementing two-factor variable-password authentication, becoming one of the few in the industry to do so.

11 security companies to watch

The credit union is encouraging customers to switch from simple password authentication to the far stronger two-factor authentication, which makes use of VeriSign’s handheld token to generate a one-time password. In addition, VeriSign offers applications for the Blackberry or iPhone that can be downloaded to these mobile devices and used to turn a smart phone into a variable-password generator.

Given the multitude of phishing and social engineering attacks that can compromise consumers’ identities, the credit union decided to up the ante for security.

“We’re focusing on online banking and bill payment, especially for those who have had issues with their identity being compromised,” says Stu Fisher, senior vice president of e-commerce at the credit union. “We need a solution for people always on the go.”

While use of the VeriSign variable-password technology won’t be required, it will be encouraged, says Fisher. The credit union, which has 150,000 members, many of them associated with the high-tech industry, will launch the service for free in the roll-out phase but will likely charge for the service down the road. For those using the stronger two-factor authentication, an annual fee of $10 for the service is anticipated, plus $10 for a handheld token. The iPhone and Blackberry applications are available for free.

The credit union is making use of VeriSign’s cloud-based security service, which carries out the two-factor authentication process without the credit union having to maintain a specialized server on site to accomplish the same thing.