E-Trade financial tried using a RSA fob as a second factor of authentication, but as of their 11/07/06 financial report their fraud losses continue to increase. That said, they considered this program a success because users indicated they feel safer and are more likely to provide assets.
Sign in with 
OpenID
it is also highly likely that their customers' PCs were already 0wned, which would contribute to the lack of overall improvement, the horse was already out of the barn. as one of the major aussie banks realized when considering usb dongles for 2fa saying in effect "over 60% of our customers PCs had malware/crimeware on them already, we didn't want to put our good stuff (dongle) into our customers bad stuff." instead they added authZ over a separate band, in their case SMS.
http://1raindrop.typepad.com/1_raindrop/2007/01/ke y_enabling_te.html
http://1raindrop.typepad.com/1_raindrop/2007/04/th is_just_in_nu.html
http://1raindrop.typepad.com/1_raindrop/2007/04/ba nds_wired_fac.html
Gunnar - 21st July 2007 14:29 - #