Basic HTML Version
sustainabletimes
29
www.binfo.co.uk
Token
Green
In June last year HSBC Bank unveiled
a new weapon in its security arsenal
– the Secure Key. Introduced to add
an extra layer of security to online
banking, it’s being billed as a way
of ensuring ‘customers are one step
ahead of online fraudsters’.
Every one of HSBC’s five million
active online users in the UK will
eventually receive one of these small
electronic devices. If more of its 15
million UK customers choose to bank
virtually, and with the group looking to
extend two-factor authentication on a
case-by-case basis globally, the number
of devices eventually in use will be
considerably higher.
Deploying tokens is time-consuming
and expensive. It’s not known exactly
how much each HSBC Secure Key costs,
but the price of the device itself is just
one factor that needs to be taken into
consideration. There’s also the cost of
the marketing to make users aware
of the devices; the cost of mailings
to the customer; the physical cost of
distribution; and ongoing support costs
to help those who have difficulty using
the token. Typically 10% of physical
tokens fail and need replacing every
year – for HSBC that would amount to
50,000 tokens annually. On top of this,
physical tokens like Secure Key have a
typical lifespan of three to five years.
It’s easy to see how conservative
estimates put a figure for physical
token deployment at £100 per device.
That’s not just for HSBC, but for any
organisation that uses physical tokens as
a two-factor authentication solution.
More than money at stake
But there’s much more to consider
than just the monetary cost of
physical authentication devices. The
environmental cost of producing and
distributing 4,000 tokens works out
at around 4.3 million tonnes of CO2,
the equivalent of chopping down 240
million trees.
We have calculated that HSBC would
SecurEnvoy argues that authentication using
physical tokens is damaging our planet and that
tokenless, mobile-phone based alternatives are
both cheaper and greener.
The environmental cost of producing and distributing
4,000 tokens works out at around 4.3 million tonnes of CO
2
,
the equivalent of chopping down 240 million trees.
need to plant an 18,970-acre forest
to offset the emissions created by its
decision to issue UK customers with
a Secure Key, even before taking into
consideration its global plans.
And that’s just for HSBC. If every
organisation that allows individuals to
access its systems first issues them with
a physical token, each person would
have a separate device for their bank,
the NHS, HMRC for tax returns, utility
companies to access and pay bills,
employer network etc.. That’s a lot of
plastic and associated emissions.
A logical alternative
While it’s true that you can’t put a price
on security, we all have a responsibility
to consider our impact on the planet.
We’re not condemning authentication as
an additional layer of security, just the
choice of physical tokens as the means
of delivery.
Practically every pocket holds the
perfect key: SMS technology.With five
billion mobile handsets in use across
the globe, it’s a fair assumption that
the majority of people have a handset
capable of receiving text messages.
Organisations can easily make use of
customers’ existing mobile technology
to replicate a physical token by sending
a passcode to the user as a text
message, effectively turning the mobile
into a ‘soft’ token. Because there’s no
need for additional software on the
user’s phone, complex testing, support
and training issues are eliminated – an
important consideration, as phone
interfaces change with each new model.
It is estimated that moving from
physical to soft token authentication
will reduce ongoing running costs by
40-60%; dozens of soft tokens can be
carried on a single device; and if an
individual loses a mobile phone they
will notice much more quickly than if
they lost a piece of plastic, thus reducing
the chances of a token falling into the
wrong hands.
www.securenvoy.com
OP INION