You can’t put a price on security, yet Security can Literally Cost the EarthSESadmin 02/02/2012 Archive
SMS technology is the logical alternative to the costly token; while it’s true that you can’t really put a price on security, and we applaud any responsible organisation that looks to protect its customers, we all live in this world together and cumulatively have a responsibility to consider our impact on the planet.
In June this year HSBC Bank, arguably one of the UK’s most recognised and trusted financial services brands, revealed the latest weapon in its security arsenal – the Secure Key. Introduced to add an extra layer of security for online banking, it’s being billed as “ensuring its customers are one step ahead of online fraudsters”.
Every one of HSBC’s current five million active online users in the UK will eventually receive these small electronic devices. However, if more of its 15 million UK customers were to elect to bank virtually, and with the group looking to extend two factor authentication on a case by case basis globally, this total will eventually be considerably higher.
It’s not known exactly how much each of HSBC’s Secure Key devices cost – although one thing that is certain is they’re not cheap, but there’s additional residual costs that has to be covered:
- token deployment itself is time consuming and expensive and can take many months to deploy and the HSBC implementation is on a much larger scale
- there’s the marketing to make users aware of the devices, the mailings that will accompany the device to each customer, and the physical cost of this distribution
- there’s on going support costs to help users that have difficulty actually using the token
- you need to continue to manage tokens and replace them as they break or are lost. Typically 10% of physical tokens fail and need replacing every year – for HSBC that would be 50,000 tokens annually!
- on top of this physical tokens, such as Secure Key, have a typical lifespan of between three and five years
It’s quite easy to see how conservative estimates put a figure for physical token deployment at £100 per device. That’s not just for HSBC, that’s for any organisation that uses physical tokens as a two-factor authentication solution.
More than money at stake
But there’s much more to consider than just the monetary cost for these physical authentication devices. The cost to the planet in production, disposal and deployment is quite considerable too.
For example, the environmental cost of producing and distributing 4,000 tokens works out at around 4.3 million tonnes of CO2 or, for those who like a visual representation, that’s the equivalent of chopping down 240 million trees! I wonder if HSBC stopped to think about this when it committed itself to Secure Key.
If every organisation that allows individuals to access its systems first issues them with a physical token, that’s an awful lot of pieces of plastic. Each person would need one for their bank, the NHS, HMRC for tax returns, utility companies to access and pay bills, employer network, etc. etc. etc.
We’d end up as a nation having to walk around with a token necklace.
SMS technology is the logical alternative
While it’s true that you can’t really put a price on security, and we applaud any responsible organisation that looks to protect its customers, we all live in this world together and cumulatively have a responsibility to consider our impact on the planet. I can’t begin to imagine the size of the forest that the HSBC deployment is about to decimate!
However, don’t get me wrong, we’re not condemning using authentication as an additional layer of security – just physical tokens to do so.
Practically every pocket holds the perfect key – SMS technology to achieve tokenless® two factor authentication.
Now, we’re not saying that HSBC should give each of its five million customers a mobile phone, but with five billion mobile handsets currently in operation across the globe and this figure continually rising, it’s a fair assumption that the majority of people have a handset capable of receiving text messages.
Organisations can easily utilise this existing mobile technology to replicate a physical token:
- additional software is not required on the users phone which eliminates complex testing, support and training issues. This is particularly relevant as phone interfaces are constantly changing with each new model
- a passcode is sent to the user as a text message turning the mobile into a ‘soft’ token
- when you compare soft against physical tokens, it is estimated that moving to soft token authentication will reduce ongoing running costs by 40 – 60%!
- and there’s no reason why dozens of soft tokens can’t be carried on a single device eliminating the token necklace that could strangle our future freedom
- finally, if you were to lose a piece of plastic you probably wouldn’t notice until you next needed it. But, if you’re separated from your phone, you notice it almost immediately reducing the chances of your token falling into the wrong hands.
I don’t want to appear to be attacking HSBC, but as a recent high profile adopter of physical token authentication, it clearly demonstrates the impact this technology has on our planet that we all share. HSBC would need to plant 18,970.1 acres of trees to offset the emissions created by its decision to issue UK customers with a Secure Key – that’s before taking into consideration its global plans. Wouldn’t you want to cut your carbon emission if you had the chance to – we would encourage and urge you to think about tokenless® authentication, which goes a long way to helping the planet and brought to you by a British company too.
You have to agree that’s quite a compelling argument against physical tokens.
For more information visit www.securenvoy.com