NatWest has become the latest high-street bank to launch two-factor authentication. Online customers throughout the UK are being issued with a free card-reader device, which requires the user to input both card and PIN, in order to generate a one-time number to be used alongside normal passwords. NatWest plans to deploy one to every user by November. The bank is rolling out the calculator-like devices from French supplier Xiring in phases, and they will initially only be required for customers making external transfers from their accounts.
Although security experts admit that such devices are a step forward for consumer security, many point to the lack of protection against the kind of man-in-the-middle attacks made against ABN Amro accounts in the Netherlands in April. ABN paid compensation to four customers whose accounts were compromised.