Tech Insight: Two-Factor Authentication Alone Isn't Enough
Protecting online banking customers entails a more holistic approach by banks that includes risk-based authentication, browser protection, and fraud monitoring
3. Risk-Based Authentication
This model implies different levels (strengths) of authentication based on risk factors, such as transaction type or size, customer profile, etc. Keep in mind that the customers who have the highest need for strong authentication and additional security often have the lowest tolerance for the imposition of additional security procedures, especially since they know if they are compromised their bank will not hold them liable. Refer to the previous item -- we must constantly educate our customers.
4. Browser Protection
This refers to technologies that protect, or "sandbox," browser sessions while customers are connected to specific websites. These technologies disable the often exploited browser helper objects that criminals use to inject malicious code into a user's session to perpetrate man-in-the-browser attacks, which have been known to defeat many forms of strong authentication. One way to improve browser security is to encourage users to upgrade their browsers. In many parts of the world, users are still using browsers that are several years old when upgrades are available at no charge.
More Security Insights
- A Smarter Approach: Inside IBM Business Analytics Solutions for Mid-Size Businesses
- Collective intelligence: Capitalizing on the crowd
- Informed CIO: SDN and Server Virtualization on a Collision Course
- Strategy: Building and Maintaining Database Access Control Permissions
- Mobile DevOps: Achieving continuous delivery with multiple front ends and complex backends in Banking, Financial Services, and Insurance
- How Cloud Facilitates an Agile Contact Center
5. Fraud Monitoring and Incident Response
A critical and often underemphasized element in the battle against online fraud, this area could save your bacon if all else fails. It's important to get this right. This is a complex, often expensive, proposition, but should not be overlooked because it's the last line of defense before the money walks out the door.
In future articles, I will dive deeper into each of the five areas above to explain the benefits and the challenges with each.
It is encouraging to finally see an increasing demand from our customer base for more visible security, and this appears to be finally emerging as a potential competitive advantage. Our marketing teams are now more engaged than ever to position improved customer protection as a feature of our online banking channels. This is exciting because we no longer have to sell the idea that security is important -- it is fundamental. Online security is now more understood than it has ever been, and I look forward to partnering with our customers to ensure they remain safe while online.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.