A password alone will no longer be sufficient for logging into your brokerage account. Starting April 1, brokerages will require investors to punch in a second level of authentication other than their passwords.
In keeping with the SEBI directive to follow a two-factor authentication, brokerages have decided to adopt their own methods. ICICI Securities has asked its customers to log in using their password along with details of their date of birth or PAN card number.
“With effect from April 1, you will be required to enter an additional authentication parameter while you log in to your ICICIdirect.com account. This is in line with the SEBI Guidelines to introduce Two Factor authentication for internet based trading in order to further strengthen the security of trading accounts,” said a mail from ICICI to one of its customers.
HDFC Securities, starting Monday, plans to adopt the same methodology.
Kotak Securities already has a double authentication system in place, which it launched way back in 2007.
The system generates a security key for the user which they can access by clicking on a ‘white button' which appears on the screen after the password is typed in.
The key, thus generated, is a six-digit number and is dynamic in nature changing every minute.
The same white button needs to be clicked on to switch off the key.
Other brokerages plan to get more innovative in their processes. For instance, Geojit BNP Paribas has introduced separate methods for those customers who own a mobile phone and those who are without one.
For Geojit customers with a mobile phone, every time they log on to their accounts, the system would generate a security key and send it as a text message to the customer's phone. For investors who do not own a mobile phone and for NRIs, the system will create and store information which is private to them.
“The authentication process consists of two-factors; one you know and one you have. The first one is your password and the second one your mobile phone or any private object. So, for customers without a cell phone, the system will flash an object, like an image. First-time users will have to choose an image such that at subsequent log-ins you have to recognise the image from a set of images that will appear on the screen,” said Mr. A Balakrishnan, Chief Technology Officer, Geojit BNP Paribas Financial Services.
Personal questions
Investors logging on to their accounts at Destimoney will be made to answer five personal questions on a one-time basis. “Subsequently, every time the customer logs in, the system will randomly flash two of these questions for the investor to answer. This is being done to ensure customer security and prevent incidents of hacking.
“While it is a good step, it is a one-time irritation to the customers and puts pressure on the brokerages as well,” said Mr. Sudip Bandyopadhyay, MD & CEO, Destimoney Securities.
According to him, the development of the system took his firm around two months and cost around Rs 7-8 lakhs. While they recognise the inevitability of such a system, brokerage firm officials are worried about the administrative issues that could crop up. The customer care teams would come under tremendous pressure dealing with the customers and their queries.
sneha.p@thehindu.co.in