A recent study released by the Ponemon Institute and Guardian Analytics (2010 Business Banking Trust Study) demonstrates the scope of the problem: 55 percent of businesses were victims of fraud in the last 12 months, with 58 percent of fraud enabled by online banking activities. 80% of banks failed to catch fraud before funds were transferred out of their institution. In 87 percent of fraud attacks, the bank was unable to fully recover assets.

PhoneFactor recently published a new whitepaper, Combating Online Fraud with Out-of-Band Authentication, which examines how these threats affect online banking, customer perceptions about risk and financial responsibility, and the role of out-of-band authentication in protecting against them.

The whitepaper can be downloaded at http://www.phonefactor.com/two-factor-resources/whitepapers/download-online-banking-fraud.

-Sarah

PhoneFactor recently announced a partnership with Fiserv to provide authentication through the Corillian® Online banking solution. The new phone-based authentication option will be integrated into Intelligent Authentication™ from Fiserv, a strong multi-factor user authentication tool that is available to financial institutions that use Corillian Online.

The Universal Banking Gateway enables rapid implementation with any online banking platform. The Gateway adds a critical authentication layer to secure online banking logins and transactions without requiring direct integration with the online banking application.

PhoneFactor works by confirming online banking logins, ACH, wire transfers and bill pay processes through an out-of-band phone call or text message. Because the authentication is confirmed through the telephone network, it protects against escalating threats from man-in-the-middle attacks and online banking trojans.

Read the full announcements here:
PhoneFactor and Fiserv Partner for Phone-Based Multi-Factor Authentication
PhoneFactor Launches Universal Banking Gateway

-Sarah

It’s an important case because we rely more and more heavily on ATM/Debit and Credit Cards as we move toward a cashless society. And they’re all vulnerable to the type of attack detailed here. New card skimmers are showing up that get the mag stripe data. Some are coupled with small cameras that watch you enter your PIN. The info is sent to a Bad Guy via a wireless network, and the Bad Guy makes a new mag stripe card, drives across town, withdraws money out of another ATM or makes a purchase at a retail store (no PIN is required if the transaction is run as a credit card purchase), and disappears into the sunset. You’ll never see your money again.

Roll ‘em:

Basically, the Bad Guy just needs a few seconds to attach a skimmer to the ATM and attach a camera to a convenient location in view of the keypad. Everything can be pre-programmed, so this whole operation can be done in the blink of an eye. The system works by wirelessly transmitting all of the information to the crook, at a safe distance from the ATM.

The point is it’s easy to read magnetic stripes, it’s easy to re-encode magnetic stripes, and it’s easy to buy a bunch of blank credit-card-sized magnetic stripe cards and encode those stripes with stolen numbers. Since merchants don’t verify that you have a genuine— or even genuine-looking— card anymore, a Bad Guy can copy your card and use it at any gas station, any ATM, or any self-service kiosk, and probably not get caught.

Numerous incidents of ATM skimming have been reported recently, including:

• NetworkWorld: ATM skimming equipment seized at Brisbane Internat’l Airport
• BankInfoSecurity: Ohio Skimming Scam Nets $50K
• The Washington Post: Bank expert discusses ATM skimming — and how to detect it

So, what can be done about this?
There are a few things consumers can do to dramatically improve security in their life, like monitoring their transactions, using known ATM machines and keeping an eye out for changes, etc. But just like passwords are no longer considered a sufficient means of protecting access to online accounts due to things like phishing, relying on a magnetic stripe on a credit card is just not enough to protect your financial transactions. Adding a second method to verify that the account owner is, in fact, the person conducting the transaction would offer material benefit.

PhoneFactor’s Transaction Verification is an easy, effective means of protecting consumers. PhoneFactor simply calls the card holder to verify the transaction before dispensing the cash or completing the transaction. It works for online transactions as well as in person transactions as ATMs and retail locations.

- Steve

Step 1
Enter your username and password just like you do today.

Step 2
Instantly, PhoneFactor sends you a text message with a one-time passcode. To authenticate, simply text the passcode back to PhoneFactor.

That’s it! Because the one-time passcode is both sent and confirmed through SMS, the process is completely out-of-band.

Now users can choose the two-factor method they prefer, phone call or SMS text message, all with the same level of out-of-band security and convenience. This enables the ultimate flexibility for your users and a single platform for your IT team to manage.

Learn more about sms authentication. Or try it yourself in our Online Demo.

- Sarah

• We recently launched Biometric Voice Authentication, making three-factor authentication both easy and cost-effective. PhoneFactor’s Biometric Voice Authentication delivers the strongest level of authentication without the overhead typically associated with biometrics. The user’s voiceprint is simply confirmed during the PhoneFactor authentication call.
• We will also be unveiling another exciting addition to the PhoneFactor platform during show.

And don’t miss PhoneFactor CTO Steve Dispensa’s panel discussion on responsible disclosure.
Responsible Disclosure: It’s Their Fault!
Wednesday, March 3rd, 10:40 AM, Orange Room 305

Don’t miss – Responsible Disclosure: It’s Their Fault!
Wednesday, March 3rd, 10:40 AM, Orange Room 305

Catch a sneak peak of the discussion with Martin McKeay and Steve Dispensa.
Listen Online | Download Podcast <8:51>

And be sure to stop by the PhoneFactor booth Booth #1757.

- Sarah

- Sarah

Step 1
Enter your username and password just like you do today.

Step 2
Instantly, PhoneFactor calls you. Simply answer and speak your passphase to authenticate.

That’s it! The process is simple, secure, and cost-effective.

With IT security threats at an all-time high, utilizing three separate factors to authenticate user access is a necessity for many organizations. However, most biometric solutions require a biometric reader, such as a fingerprint scanner, be installed on each end user’s system. The cost and IT resources required to purchase and deploy biometric readers created an often insurmountable challenge.

With PhoneFactor, no biometric readers are required – it works with any phone. And with automated voiceprint enrollment and centralized user management, it can be set up quickly for large numbers of geographically diverse users.

Learn more about biometric voiceprint authentication.

- Sarah

“Security comes first for us at VirtualBank and we are constantly working to make it better,” comments Frank Barbato, Virtual Bank Chief Information Officer. “We feel equally as strong about our client’s on-line experience and the impact that all the security protections have on them. After all, our clients just want to access their accounts and get on with their lives rather than answering questions about their pet’s name. PhoneFactor’s flexibility in their platform enables us to both meet today’s security needs while offering a superior user experience.”

VirtualBank has branded the process they have built around the PhoneFactor service “PhoneGuardian,” and will make it available to all of its customers free of charge.

Read Announcement

~Sarah

Key findings include… One in four respondents reported that their company’s network or data had been compromised, up from one in five last year. More than half of respondents (57%) feel malware is the greatest data security threat today. Poor password policies ranked second at just over 27%. Only 35% of respondents feel their company’s current authentication system is “very” or “extremely” secure – a 16% percent decrease from last year. More than 3/4 of respondents feel that companies who they give their personal data to are either “extremely” or “very” responsible for protecting their personal or financial information. More than half (57%) of respondents believe users would prefer to carry a cell phone over other two-factor authentication devices, including a security token or fob, a USB token or fob, a grid card, or a smart card. In fact, the majority of respondents – 70% – agreed with Wired’s statement that security tokens are a “top 10 worst gadget ever.”

The complete survey results are available in a new whitepaper IT Security & Authentication: Key Concerns for 2010. Download the whitepaper at http://www.phonefactor.com/how-it-works/white-paper/security-authentication-key-concerns-2010.

-Sarah