The Anti-Phishing Working Group's (APWG) Phishing Activity Trends Report, published April 2012, states that 39 percent of the world's computers are infected with some form of malware. This is a staggering percentage, and the problem does not appear to be decreasing.
Hacking used to involve mostly college kids on the hunt for bragging rights. However, the large amount of money that can now be made through black hat activities has created an enormous underground industry run by sophisticated hacking networks. One of the natural targets of these "big league" hackers is the financial services industry - mainly banks with consumer accounts.
In the search for better customer security and safeguards against fraud, banks have employed more sophisticated methods for detecting anomalous transactions. This mainly involves stopping transactions before they are executed when a charge looks suspicious - sometimes to the great annoyance of the client himself when his valid transactions are red-flagged and not permitted to go through. One occasion where this occurs frequently is during travel, when banks tend to block credit card purchases until they speak to the account holder, for fear a lost or stolen card is being used on a wild spending spree out of state. While security is increased with this method, it provides for a less-than-stellar customer experience.
As banks have demonstrated that they cannot efficiently determine the validity of every single transaction, they would be wise to consider adding a better tool in their fight against fraud: namely, the customer himself. Research indicates the number of customers willing to aid in the fight against fraud has doubled over the last four years. Fortunately, mobile technology is an easy avenue for enlisting the aid of consumers. These days, almost everyone uses a smartphone, and with awareness of financial fraud growing in the U.S. and the ease with which mobile applications can access financial accounts, consumers are ready to take on a greater responsibility for monitoring their financial security.
To that end, out-of-band authentication is an important tool for banks to consider in safeguarding customer accounts and eliminating fraudulent transactions. The term out-of-band refers to any authentication method on a separate channel outside of the browser or application where the customer does his banking, preferably on a different device entirely. It's a technique that has been implemented by some banks, and we will most likely see it more frequently in the near future.
The three most common out-of-band transaction verification methods use smartphones. They are:
• Telephone calls
• Text messages
• Dedicated authentication apps
In general, a customer authenticates their device or installs an app, securely linking it to their bank accounts. Whenever a transaction occurs on the account, the customer is instantly notified on their phone and has a chance to approve or decline it immediately. This not only safeguards the account but also lets the customer stay on top of withdrawals.
The greatest benefit, beyond enhanced security, is convenience for the customer. This is especially true when a dedicated app is used, as the chances for a missed call from the bank are eliminated and the transaction details are available immediately on their telephone screen. The bank also benefits, as this increased security service can win more customers and keep them loyal to their banking partner. Additionally, the service can open up room for a new revenue stream.
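The approve-or-decline flow described above, as an added example that is not part of the original post and not any bank's or vendor's code. It assumes the enrolled phone holds a secret key shared with the bank and answers with an HMAC over the transaction details it displayed; the names Bank, sign and phone_respond, the HMAC scheme and the 120-second expiry are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

class Bank:
    """Bank side of an out-of-band approval flow (constructed example)."""
    def __init__(self, ttl=120):
        self.device_keys = {}   # account -> key shared with the enrolled phone
        self.pending = {}       # txn_id -> (account, details, expiry)
        self.ttl = ttl          # assumed lifetime of a held transaction, seconds

    def enroll(self, account):
        # Enrollment links one device to the account; the key goes to the phone.
        key = secrets.token_bytes(32)
        self.device_keys[account] = key
        return key

    def start_transaction(self, account, payee, amount_cents, now=None):
        # Hold the transaction and build the notification sent to the phone.
        now = time.time() if now is None else now
        txn_id = secrets.token_hex(8)
        details = f"{txn_id}|{account}|{payee}|{amount_cents}"
        self.pending[txn_id] = (account, details, now + self.ttl)
        return txn_id, details

    def complete(self, txn_id, decision, tag, now=None):
        # Each held transaction can be answered once; pop() blocks replays.
        now = time.time() if now is None else now
        entry = self.pending.pop(txn_id, None)
        if entry is None:
            return "rejected: unknown or already answered"
        account, details, expiry = entry
        if now > expiry:
            return "rejected: expired"
        expected = sign(self.device_keys[account], details, decision)
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad device response"
        return "executed" if decision == "approve" else "declined by customer"

def sign(key, details, decision):
    # The tag covers the decision and the exact payee and amount shown on the phone.
    msg = f"{decision}|{details}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def phone_respond(key, details, decision):
    # Phone side: the customer reads `details` on screen and taps a decision.
    return decision, sign(key, details, decision)
```

Because the response is computed over the payee and amount the customer actually saw, an approval given for one transaction cannot be reused for another or for altered details.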
Banks and customers working together to combat financial fraud is a win-win situation, as both have a vested interest in keeping accounts safe while maintaining an excellent customer service experience. Out-of-band authentication might be the technology that helps make that shared vision a reality.
This informative guest blog comes to us from Robert Coulter, with Authentify - an out-of-band authentication company that has been in the security business for 13 years. Passionate about fighting financial cybercrime, they recently introduced their 2CHK - transaction authenticator app to help improve security for customers and financial institutions, and to be a positive example of how the two groups can create a win-win.
I depend a lot on banking online and have always been concerned about the risk of exposing my credit card information. And the methods to prevent credit card fraud keep getting more complex, but the truth is it’s as simple as companies asking users to telesign in to complete a transaction by using 2FA. I am not sure why not all banks use this; in fact, I feel suspicious when a bank doesn't ask me to telesign in. Now it just feels as if they are not offering enough protection.