RSA Gives eTrade Transactions Extra Layer of Security

eTrade plans to offer its online banking customers two-factor authentication through the use of RSA's SecurID tokens.

Following the lead of a number of European banks and financial institutions, eTrade Financial Corp. on Tuesday announced that it plans to offer its online banking customers the option of using RSA Security Inc.s SecurID tokens as an added layer of security for online transactions.

This deal makes eTrade the first major financial institution in the United States to offer two-factor authentication to its customers, a service that many security experts and chief security officers in the financial industry see as a necessity if online banking is to continue to expand. Many banks in the U.K. and Europe offer two-factor authentication options for their customers, including a variety of different one-time password solutions.

eTrade customers who take advantage of the new offering will log on to the companys site using both their username and password and a one-time code generated by the SecurID token. The token creates a new six-digit code every minute, so a user will never use the same one twice.

/zimages/3/28571.gifRSA releases "one-time password" specs. Click here to read more.

Such two-factor solutions are gaining favor in a variety of industries of late, but are especially useful in sectors such as banking and finance that have been hit the hardest by phishing and other online fraud schemes. Many of these scams are designed to steal usernames and passwords and account numbers for online banking sites. But that information would be of little use if the bank also required a second form of authentication to log in.

RSA executives said that they anticipate other financial institutions following eTrades lead on two-factor authentication.

"It is a major event. Banks in the Americas have been a little slower in getting going with this. Its been happening in Europe. I think eTrades move validates that consumers see security as an important factor," said John Worrall, vice president of worldwide marketing at RSA, based in Bedford, Mass.

"This is an important market for us. I do expect that other organizations, whether theyre banks or something else, will deploy this technology," he said.

/zimages/3/28571.gifFor insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog.

eTrades program, called Digital Security ID, will be a voluntary one, and the SecurID tokens will be free for customers who have more than $50,000 in assets managed by the company. The company did not say what the cost will be for customers who dont meet that requirement. eTrade, based in New York, plans to roll out the program in the second quarter.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis.