News Authentication

Tech Insight: Two-Factor Authentication Alone Isn't Enough

Protecting online banking customers entails a more holistic approach by banks that includes risk-based authentication, browser protection, and fraud monitoring

Greg Thompson, Contributing Writer December 10, 2010

3. Risk-Based Authentication
This model implies different levels (strengths) of authentication based on risk factors, such as transaction type or size, customer profile, etc. Keep in mind that the customers who have the highest need for strong authentication and additional security often have the lowest tolerance for the imposition of additional security procedures, especially since they know if they are compromised their bank will not hold them liable. Refer to the previous item -- we must constantly educate our customers.

4. Browser Protection
This refers to technologies that protect, or "sandbox," browser sessions while customers are connected to specific websites. These technologies disable the often exploited browser helper objects that criminals use to inject malicious code into a user's session to perpetrate man-in-the-browser attacks, which have been known to defeat many forms of strong authentication. One way to improve browser security is to encourage users to upgrade their browsers. In many parts of the world, users are still using browsers that are several years old when upgrades are available at no charge.

More Security Insights

White Papers
More >>
Reports
More >>
Webcasts
More >>

5. Fraud Monitoring and Incident Response
A critical and often underemphasized element in the battle against online fraud, this area could save your bacon if all else fails. It's important to get this right. This is a complex, often expensive, proposition, but should not be overlooked because it's the last line of defense before the money walks out the door.

In future articles, I will dive deeper into each of the five areas above to explain the benefits and the challenges with each.

It is encouraging to finally see an increasing demand from our customer base for more visible security, and this appears to be finally emerging as a potential competitive advantage. Our marketing teams are now more engaged than ever to position improved customer protection as a feature of our online banking channels. This is exciting because we no longer have to sell the idea that security is important -- it is fundamental. Online security is now more understood than it has ever been, and I look forward to partnering with our customers to ensure they remain safe while online.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.


Related Reading

News

Commentary

Most Popular

On the Web

More On the Web»

Slideshow

Dark Reading Discussions

Start the Discussion


InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.