PhoneFactor Publishes New Whitepaper on Online Banking Fraud
Incidents of online banking fraud have risen to unprecedented levels, while retail and commercial banking customers are growing increasingly dependent on their trusted service providers to insulate them from the malicious threats that continue to increase in number and severity.
 |
A recent study released by the Ponemon Institute and Guardian Analytics (2010 Business Banking Trust Study) demonstrates the scope of the problem:
|
PhoneFactor recently published a new whitepaper, Combating Online Fraud with Out-of-Band Authentication, which examines how these threats affect online banking, customer perceptions about risk and financial responsibility, and the role of out-of-band authentication in protecting against them.
The whitepaper can be downloaded at http://www.phonefactor.com/two-factor-resources/whitepapers/download-online-banking-fraud.
-Sarah
New Partnerships and Products Help Banks Protect Customers from Online Fraud
PhoneFactor has extended its reach into the banking industry by partnering with Fiserv, the leading global provider of financial services technology solutions, providing online banking and bill payment services to thousands of financial institutions, and launching the Universal Banking Gateway. Both will allow PhoneFactor to easily integrate with online banking applications to provide much-needed out-of-band user authentication.
PhoneFactor recently announced a partnership with Fiserv to provide authentication through the Corillian® Online banking solution. The new phone-based authentication option will be integrated into Intelligent Authentication™ from Fiserv, a strong multi-factor user authentication tool that is available to financial institutions that use Corillian Online.
The Universal Banking Gateway enables rapid implementation with any online banking platform. The Gateway adds a critical authentication layer to secure online banking logins and transactions without requiring direct integration with the online banking application.
PhoneFactor works by confirming online banking logins, ACH, wire transfers and bill pay processes through an out-of-band phone call or text message. Because the authentication is confirmed through the telephone network, it protects against escalating threats from man-in-the-middle attacks and online banking trojans.
Read the full announcements here:
PhoneFactor and Fiserv Partner for Phone-Based Multi-Factor Authentication
PhoneFactor Launches Universal Banking Gateway
-Sarah
ATM Fraud in Broad Daylight
Before you hit play and watch this news story, just know that the Bad Guy didn’t even have to try as hard as he did. This crime is easier to commit than this news segment shows, and there are places a whole lot more vulnerable than an ATM vestibule in the middle of the day.
It’s an important case because we rely more and more heavily on ATM/Debit and Credit Cards as we move toward a cashless society. And they’re all vulnerable to the type of attack detailed here. New card skimmers are showing up that get the mag stripe data. Some are coupled with small cameras that watch you enter your PIN. The info is sent to a Bad Guy via a wireless network, and the Bad Guy makes a new mag stripe card, drives across town, withdraws money out of another ATM or makes a purchase at a retail store (no PIN is required if the transaction is run as a credit card purchase), and disappears into the sunset. You’ll never see your money again.
Roll ‘em:
Basically, the Bad Guy just needs a few seconds to attach a skimmer to the ATM and attach a camera to a convenient location in view of the keypad. Everything can be pre-programmed, so this whole operation can be done in the blink of an eye. The system works by wirelessly transmitting all of the information to the crook, at a safe distance from the ATM.
The point is it’s easy to read magnetic stripes, it’s easy to re-encode magnetic stripes, and it’s easy to buy a bunch of blank credit-card-sized magnetic stripe cards and encode those stripes with stolen numbers. Since merchants don’t verify that you have a genuine— or even genuine-looking— card anymore, a Bad Guy can copy your card and use it at any gas station, any ATM, or any self-service kiosk, and probably not get caught.
Numerous incidents of ATM skimming have been reported recently, including:
- NetworkWorld: ATM skimming equipment seized at Brisbane Internat’l Airport
- BankInfoSecurity: Ohio Skimming Scam Nets $50K
- The Washington Post: Bank expert discusses ATM skimming — and how to detect it
So, what can be done about this?
There are a few things consumers can do to dramatically improve security in their life, like monitoring their transactions, using known ATM machines and keeping an eye out for changes, etc. But just like passwords are no longer considered a sufficient means of protecting access to online accounts due to things like phishing, relying on a magnetic stripe on a credit card is just not enough to protect your financial transactions. Adding a second method to verify that the account owner is, in fact, the person conducting the transaction would offer material benefit.
PhoneFactor’s Transaction Verification is an easy, effective means of protecting consumers. PhoneFactor simply calls the card holder to verify the transaction before dispensing the cash or completing the transaction. It works for online transactions as well as in person transactions as ATMs and retail locations.
- Steve
Archives
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
