HSBC is aiming to rollout one-time token security measures across the globe to support its anti-fraud solutions and overall security policy.
The global financial giant's head of group fraud risk – global security and fraud risk, Derek Wylde, told Computerworld there was "high risk" in Internet banking that needed to be addressed.
"As more and more customers move to do their banking online – Internet banking is easy, quick, convenient – it has its risks," he said during a visit to Sydney. "We are doing quite a lot of work to ensure they can bank safely online. In Australia, for instance, we issue one-time tokens free of charge. I think it gives customers a feeling of greater security.
"Although we don't have one-time tokens across the whole group we are moving to that sort of solution for all HSBC online banking wherever you are in the world."
HSBC takes a uniform and global approach to many of its security measures, including its fraud management solution which is based on a SAS offering the financial company jointly developed with the vendor over the past four years; it is called SAS Fraud Management.
"We implemented it in HSBC US in 2007, then followed it up with other implementations in the UK and in eight countries in Asia," Wylde said. "We have plans to deploy that further.
"As you can imagine HSBC has grown up probably more by acquisition in recent years than organic growth. So we have operations in 86 different countries. However, we have significant card portfolios in probably 25 to 30 [countries]. Because of the growth by acquisition we inherited a lot of different fraud solutions that were operating on legacy platforms. The HSBC strategy generally is to try and go for global solutions wherever possible. With that we gain economies of scale and the cost of maintenance is much less."
While creating a global solution provides economies of scale and reduces maintenance costs, Wylde agreed localisation was still an issue. As a result, the company required the ability to create region or country specific models in its fraud management solution.
"If you tried to develop one model that tried to cover all forms of fraud across the world it wouldn't work," Wylde said.
In related news, the Commonwealth Bank of Australia (ASX:CBA) announced this week it will roll out digital identities to its business customers to up their security while accessing selected online applications under a new deal with IdenTrust. The five-year deal will allow selected CommBiz customers from the end of this year to optionally allow their transactions to be signed electronically, delivering legally-binding non-repudiation and fraud prevention Sign up for Computerworld's newsletters to stay up to date.