This is not a new thought, but as more two-factor security grows there should eventually be a war among online sites to be the most popular security portal. The idea that consumers would tolerate a bunch of separate hardware tokens in their pockets/home for their various secure transactions won't happen. It seems more logical that secure portals will have cross agreements with other security transaction minded sites so a user would only need to logon once to get to lots of secure commerce sites. Since Paypal/EBAY are very aggressive/innovative, they are probably well on their way with their strategy roadmap, but I don't think the big banks will take it lying down once they realize what opportunity they may be neglecting. What have been the latest thoughts with the knowledgeable on this secure portal idea?
I think with FDIC deadline so soon Paypal has missed its chance of portalship, for banks at least (there may be other clients, paypal is notoriously against gambling though, so nothing there). They should have started on this idea a couple of years ago, then they would be sell banks on their experience with it + established client base of token holders. Paypal is also a poorly established brand. A friend of mine has a business, 100% of his clients are web-savvy enough to find him on the internet, but most have no clue what paypal is.
I am not sure also how far banks would be able to outsource login security. Some of the big CC# leaks were from processors, so FDIC may not be satisfied if an external firm handles secure logins for a bank since it falls outside of their domain of regulation and control.
The big big question is where Chase and Citibank will go and where Google will go if they roll out a payment scheme.
fdic DEADLINE IS NOT WRITTEN IN STONE, they will likely give a bank more time if they audit you and detect deficiencies and i would think they would be pounding on VERISIGN's door asking for a solution, at least the smaller ones.
i think verisign was handling login security for BoA, I DISAGREE, fdic WOULD PREFERE outsourcing security rather than have a small bank mess it up, network management/intrusion security detection, phishing attacks, etc, events that a banks IMS PEOPLE might not know how to deal with are better outsourced. i think this provides terrific opportunity for verisign, they already deal with thousands of banks as does paypal. Stupid analysts missed this, VASCO wants to not advertise it to detect this thread.
The fly in the ointment is MICROSOFT's new O.S with it's unified login, but it will accommodate tokens. It will still accommodate VERISIGN handling secure logins, they will be just part of a trusted vendor network setup by M.S. Google vs EBAY? I'm not gong to worry about that, you still need to get the banks involved for transferring funds and ebay/paypal will fight them tooth and nail, fallout is ebay stock gets hammered as they lower prices. People still bitch about EBAY but there are too many people making their livlihood from EBAY to think they are going to switch to GOOGLE, I see GOOGLE auctions as just a way to get more paid searches, not an EBAY kiler.
I see more of a M.S. vs GOOGLE battle.
virtual digipass means exactly that, your PDA, PC or laptop simulates a digipass model, SMS messaging is OTP only. I know VASCO has SMS messaaging software, don't know if they are selling it. It wouldn't hurt if they picked up a software vendor that could manage a banks's email security, network security, detect unusual transactions patterns, HEY, that sounds like RSA or ENTRUST or ALADDIN.