Gridsure CEO on phishing, social engineering and authentication at Leeds ISACA event

According to Howes, social engineering works because people feel obliged to conform to someone who they believe is in a position of authority.

A soldier, he explained, will kill another person because he is ordered to do so.

"In the 'Milgram experiment' conducted at Yale University in the US in 1963, a trainer (the victim) was obliged to give increasingly high electric shocks to 'learners' if their questions were answered incorrectly", he said.

"Coaxed by the 'experimenter', 65% of trainers were prepared to administer potentially lethal 450 Volt shocks to their learners", he added.

Howes went on to say that, when the experiment was repeated more recently as part of a BBC Horizon programme in May of this year, entitled 'How violent are you', nine out of 12 people conformed and gave 'lethal' shocks to the learners.

"In both of these cases, the learners were told to simulate the effects of the shocks, but the experiment proved that people would go the distance and do something they would not normally do, if told to do so", he explained.

In the world of the internet, he said, social engineering can be applied to emails, which is where phishing attacks start.

Emails purporting to come from a bank and saying something like 'XYZ Bank is updating its systems, please can you login to your account by clicking here and confirm your account details. If you do not do it your account will be closed' are how phishing attacks work.

Whilst internet users are getting wise to these types of social engineering phishing emails, he told his audience, the problem is not going to go away.

Authentication may be the answer, he said, but many purchasers actually abandon their transaction at the point of login because they can't remember their password.

"There is also a sizeable number of users who will still not make purchases online due to security fears and this important segment of the market cannot be ignored", he said.

"Authentication techniques that require the user to remember a simple pattern instead of a password or PIN have been available for a little while now and they offer a real revolution in remote access security, but now is the time that banks should start to look seriously at these alternatives", he added.

"There appears to be a mindset in the industry that if you have something you can physically hold, it offers better security than something virtual, but this is a myth that needs to be dispelled."

"Software-based authentication technologies can provide a one-time password that is much more secure than traditional solutions and as it requires no hardware it is very cost effective to implement and scale to whatever deployment size is required."

According to Howes, added to this is the enhanced usability a software-based solution can offer, as a pattern is much easier to remember than a PIN number.

"Static PIN numbers are very vulnerable to key-logging and phishing attacks, but one time passwords that are generated from software-based alternatives are significantly more resilient to attacks of this nature."

"It is also very difficult to shoulder surf a pattern-based one time password generator because the fraudster would need to view the user several times to even begin to guess the pattern that was used to generate the numbers."

Against this backdrop, Howes argued that using a software-based solution also provides endless flexibility on how it is implemented in order to give scalable levels of security.

For example, he said, a user's mobile phone or PC could be easily added to the security mix to provide additional 'two factor' security without requiring any extra expensive hardware.

"Added to this is the flexibility for using the solution in various languages and for people with disabilities who may not be able to enter a four digit PIN code without assistance", he said.

"Drilling down a level, it is possible for software-based solutions to be cleverly implemented to help protect against 'man in the middle' attacks", he added.

"This is done by using details of the transaction (e.g. the amount being transferred and the destination account details) to actually generate the passcode so that if a fraudster tries to amend the information the transaction will be cancelled."

"Furthermore, using this method, the one-time passcode can become a 'digital signature' of the transaction which counters internal fraud", he concluded.
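The mechanism Howes describes, a software-generated one-time passcode that is derived from the transaction details so that a tampered transaction no longer verifies, can be shown in a few lines. The following is an added illustration written for this article; it is not Gridsure's product code and makes no claim about how their pattern-based scheme works internally. It assumes a per-user shared secret provisioned out of band, a time step agreed between the client software and the bank, and a canonical encoding of the transaction fields (the field names, the HMAC-SHA256 construction and the RFC 4226-style truncation are all choices made here for the example).

```python
import hashlib
import hmac
import time
from typing import Dict, Tuple

# Assumed: one shared secret per user, provisioned out of band at enrolment.
# The value below is constructed for this example only.
USER_SECRET = bytes.fromhex("5b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5a4b")

TIME_STEP_SECONDS = 60  # assumed: client and bank agree on a 60-second step


def canonical_transaction(tx: Dict[str, str]) -> bytes:
    # Both sides must hash exactly the same bytes, so fields are sorted and
    # joined deterministically rather than relying on dict insertion order.
    return "|".join(f"{key}={tx[key]}" for key in sorted(tx)).encode("utf-8")


def transaction_passcode(secret: bytes, tx: Dict[str, str], step: int, digits: int = 6) -> str:
    # Bind the passcode to the transaction AND to the current time step, so it
    # is one-time and cannot be replayed against a different amount or payee.
    message = canonical_transaction(tx) + b"|step=" + step.to_bytes(8, "big")
    digest = hmac.new(secret, message, hashlib.sha256).digest()
    # Dynamic truncation in the style of RFC 4226: pick a 4-byte window from the
    # digest and reduce it to the requested number of decimal digits.
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_transaction(secret: bytes, tx: Dict[str, str], presented: str,
                       step: int, window: int = 1) -> bool:
    # The bank recomputes the passcode over the transaction it is about to
    # execute. If a man-in-the-middle altered the amount or destination in
    # transit, the recomputed value differs and the transfer is refused.
    # A small window tolerates clock drift between client and server.
    for delta in range(-window, window + 1):
        expected = transaction_passcode(secret, tx, step + delta)
        if hmac.compare_digest(expected, presented):
            return True
    return False


def current_step() -> int:
    return int(time.time()) // TIME_STEP_SECONDS


def demo(step: int) -> Tuple[str, bool, bool, bool]:
    # What the user sees and approves on their device (constructed sample).
    approved = {"amount": "250.00", "currency": "GBP", "dest_account": "12345678"}
    code = transaction_passcode(USER_SECRET, approved, step)

    # 1. The untampered transaction verifies.
    genuine_ok = verify_transaction(USER_SECRET, approved, code, step)

    # 2. An intermediary rewrites the destination account: the same code fails.
    tampered = dict(approved, dest_account="87654321")
    tampered_ok = verify_transaction(USER_SECRET, tampered, code, step)

    # 3. Replaying the code well outside the time window also fails.
    replay_ok = verify_transaction(USER_SECRET, approved, code, step + 10)

    return code, genuine_ok, tampered_ok, replay_ok


if __name__ == "__main__":
    code, genuine, tampered, replay = demo(current_step())
    print(f"passcode={code} genuine={genuine} tampered={tampered} replay={replay}")
```

The detail that matters for the "digital signature" point is that the passcode is a function of the transaction content, not just of the user and the clock: an insider or intermediary who changes the payee after the user has approved the transfer cannot produce a valid code without the user's secret, and the bank can log the verified (transaction, code) pair as evidence of what was actually approved.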
