PhoneFactor’s Out-of-Band Authentication Platform Offers Stronger Security

PhoneFactor’s out-of-band authentication service leverages the user’s telephone as the second factor of authentication. The out-of-band authentication process begins as a normal login to the system, in which the user supplies a username and password. If the supplied credentials are valid, the system initiates a phone call to the user’s registered phone number. The user then answers the phone and indicates whether or not the authentication should succeed by pressing # or entering an optional PIN. Once the user acknowledges the authentication attempt via the phone call, the system completes the pending authentication and the login proceeds as normal.

Details about transactions can be provided during the authentication call. So, even if the user’s authenticated session has been hijacked, the attacker cannot complete a transaction without the user’s explicit approval. Not only does PhoneFactor prevent unauthorized logins and transactions, it notifies you instantly if a user’s credentials have been compromised and an attack is in progress.

Telephones are extremely difficult to duplicate and phone numbers are extremely difficult to intercept. The combination of the user’s phone, a physical possession, and a memorized password yields strong out-of-band two-factor authentication with minimal hassle to the user. The user can also be required to enter a personal identification number (PIN) to authenticate, which creates a third layer of out-of-band security. Administrators control which users are enabled for PIN security and set rules to enforce PIN strength and expiration policies.

PhoneFactor is also the only out-of-band two-factor authentication system that allows for instant attack detection. Every authentication attempt in which the attacker knows the user’s username and password generates a phone call to the true user. That user can raise an instant Fraud Alert by pressing a key combination during the authentication phone call, which blocks further authentication attempts.
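The login, transaction-verification and Fraud Alert steps described above, as an added Python sketch written for this page (it is not PhoneFactor’s code); the telephony gateway hook, the "FRAUD" key string, the user record and the sample phone number are assumptions:

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Example code written for this page, not PhoneFactor's implementation: the server
# completes nothing until the registered phone has approved that specific attempt.
@dataclass
class User:
    phone: str
    password: str              # a real system stores a password hash instead
    pin: Optional[str] = None  # optional third layer entered during the call
    locked: bool = False       # set when the user raises a Fraud Alert

@dataclass
class PendingAuth:
    username: str
    details: str               # read out on the call, e.g. "wire $5,000 to acct 1234"
    token: str = field(default_factory=lambda: secrets.token_hex(16))

class OOBAuthService:
    def __init__(self, users: Dict[str, User], gateway):
        # gateway is a hypothetical telephony hook: (phone, details) -> key presses
        self.users, self.call, self.pending = users, gateway, {}

    def begin(self, username: str, password: str, details: str = "login") -> Optional[str]:
        """First factor. Returns a pending-auth token, or None without saying why."""
        user = self.users.get(username)
        if user is None or user.locked or not hmac.compare_digest(user.password, password):
            return None
        pa = PendingAuth(username, details)
        self.pending[pa.token] = pa
        return pa.token

    def complete(self, token: str) -> str:
        """Second factor: one out-of-band call bound to exactly this pending attempt."""
        pa = self.pending.pop(token, None)   # single use, so a replayed token is denied
        if pa is None:
            return "denied"
        user = self.users[pa.username]
        keys = self.call(user.phone, pa.details)
        if keys == "FRAUD":                  # constructed stand-in for the alert key combination
            user.locked = True               # blocks further attempts with the stolen password
            return "fraud_alert"
        return "approved" if hmac.compare_digest(keys, (user.pin or "") + "#") else "denied"

def scripted_phone(responses):
    """Constructed gateway: answers each call with the next scripted key presses."""
    it = iter(responses)
    return lambda phone, details: next(it)
```

Because the transaction details travel with the call and the token is consumed on first use, a hijacked web session cannot approve a transfer the user did not hear about, and a stolen password stops working the moment the user raises the alert.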

The phone-based system also improves resilience to phishing attacks. Phishing attacks generally work by fooling the user into entering credentials into a fake authentication form. This is possible because users generally have no way to authenticate the form itself. While most two-factor solutions can’t solve this problem, PhoneFactor can leverage its unique, out-of-band authentication call to prove to the user that it really is PhoneFactor calling.

Out-of-Band Authentication for Online Banking
The SilentBanker trojan, which heralded the emergence of real-time attacks targeting online banking in late 2007, has been followed by countless attacks against live online banking sessions. The recent banking trojan, Clampi, is reported to have infected more than 500,000 computers since March of this year. The trojan sits in wait for a user to access one of more than 4,600 online banking, government, and business services websites, then initiates fraudulent wire transfers. This particular trojan targets businesses, not consumer banking, in hopes of gaining access to higher-balance accounts. And it circumvents security tokens and one-time password technologies designed to protect online banking users. The only true protection against these threats is out-of-band authentication, which verifies a user’s identity through a separate channel. PhoneFactor’s out-of-band authentication, particularly when used with transaction verification, provides unparalleled protection for online banking.