How many consumers would pay for a hardware that would make it safer to bank online?
Thirty percent to 40%, says the leading manufacturer of such devices.
Nonsense, two research analysts say.
RSA Security Inc. of Bedford, Mass., makes a key-shaped security "token" that attaches to keychain and generates a new six-digit log-in passcode every 60 seconds.
On Thursday the company announced results of a consumer survey. It said 51.7% of respondents were "interested" or "extremely interested" in having such a token, and that 40.1% "likely" or "extremely likely" to use one.
A bar chart the company released was vaguer on how many would be willing to pay.
At first RSA said the data was proprietary. On Friday, though, it said 30% to 40% of respondents would pay for a hardware authentication device if the price were similar to that of antivirus and firewall software.
Such software typically costs $25 to $60, when not obtained for free.
But Cathy Graeber, a principal analyst at Forrester Research Inc. of Cambridge, Mass., said it had found in a recent survey that only 7% of respondents would pay some or all of the cost of a security device.
"In terms of consumers willingness to pay for extra authentication measures like key fobs or tokens, I don't see that happening," she said in an e-mail.
Bruce Cundiff, a research analyst for Javelin Strategy and Research of Pleasanton, Calif., expressed a similar view.
Consumers "are unwilling to foot the bill for any enhanced security - and frankly, my opinion is rightly so," he said. "The banks are the ones who have driven them to the online channel," and consumers would not respond favorably to being asked to pay to keep it secure.
Mr. Cundiff said that when he surveyed consumers last month about which methods of strong authentication they preferred, passcode-generating tokens were their fifth choice.
Respondents were allowed to choose three options. Fifty-two percent chose challenge questions. Thirty-three percent said they favor a method that identifies whether the computer logging on has the same traits as their usual personal computer. Twenty-nine percent picked fingerprint biometrics, and 16% chose a smart card or other type of token that had to be physically connected to the computer.
Only 13.1% chose tokens that, like RSA's, generate one-time passwords.
On Thursday, at the press conference called to release RSA's survey results, Joe Raymond, the director of Web optimization at E-Trade Financial Corp., appeared along with Arthur W. Coviello Jr., the vendor's chief executive.
Mr. Raymond said E-Trade, the largest financial company offering RSA's tokens to its customers, considers its program a success.
E-Trade has offered the tokens for free to its most valuable customers since March, and since June it has offered to sell them for $25 each to customers who did not qualify for a free one.
The company has 2.9 million customers, and Mr. Raymond said they have just over 10,000 tokens. He called that "a decent uptake."
Most of those tokens were freebies, he said, but cost was not the only factor in the customers' decision. Those with the freebies were offered tokens months earlier, use etrade.com more often, and have been marketed to more heavily, he said.
Analysts agree that consumers want stronger authentication. Ms. Graeber of Forrester said that 83% of online banking customers would use a stronger authentication method than a user ID and password, and that 74% would consider it an important factor when choosing a new financial provider.
And Mr. Cundiff said that despite the limited security offered by a user name and password, last week a Javelin survey of online consumers found that 18% actually bank online more frequently because of fraud concerns.
