A single layer of authentication is an “open door” for bank fraud

Posted on: April 10th, 2012 by art

In today’s fraud landscape, a single layer of authentication can be an open door invitation to fraud. These may sound like harsh words, but the fact of the matter is, they’re true. Any financial institution that relies on one security technology is going to run into trouble. If not today, then some time down the road. It’s really just a matter of time.

The recent Investors.com article, “Zappos Breach Shows Hacker Hits Just Keep Coming,” hits the nail on the head in regard to layered security. Despite technology improvements, even the most secured companies with layered security can be penetrated to a certain degree, said Amir Orad, CEO of the financial services security firm, Nice Actimize.

“It shows the value of layered security. One has to assume that some of the layers will be breached — if not today, then tomorrow.”

Having a multi-layered defense that includes two-factor identification technology can make a big difference in how far a perpetrator gets and how much confidential customer or company data they get away with. This is why the new Federal Financial Institutions Examination Council (FFIEC) security guidelines call for banks to use layered authentication to minimize the risk of fraud. More specifically, having at least two of the following three categories is essential to meeting these authentication criteria:

     1. “Something you know” (e.g., password, PIN number, personally identifiable information [PII])

     2. “Something you are” (e.g., fingerprint, retinal pattern, DNA)

     3. “Something you have” (e.g., ID or ATM card, security token, telephone)

Most banks use both passwords and knowledge-based authentication (KBA) techniques (security questions) to identify customers. The problem is that both of these methods fall within the same (“Something you know”) category. This not only leaves financial institutions susceptible to criminals who know all the information, it also means they are not in compliance with the FFIEC’s new multi-factor authentication recommendations.

When it comes to one of the most widely used banking channels today — the telephone — the TrustID® network-based Physical Caller Authentication tool takes a unique approach to authenticating customers dialing into a bank’s call center. Instead of relying on what the caller knows, TrustID makes the telephone number a valid “Something you have” credential by automatically validating the claim of Caller ID and ANI before the call is answered. This, combined with authentication methods that use KBA, PII or PIN numbers to identify customers, gives banks a critical layer of defense needed for protecting customer and company data, and at the same time, helps them meet the FFIEC’s guidelines for true multi-factor authentication.

 
