Getting tough – cost-effective solutions to fight the frausters

JD. Online banking customers have the same fear that online shoppers have about the security of their personal information and identity theft. 61 percent of internet users in the US say they would shop more online if they could pay with something other than a credit card. In addition, according to the Gartner Group, the fastest growing cyber-crime is unauthorized access of bank accounts. If the banks were to survey their online customers (those people that have signed up for the service) versus their online users, they would find a large discrepancy. Addressing the security issue is vital for banks, who want to encourage online use to lower their service costs and capture a major market.

FST. What impact does this security risk have on banks when it comes to loss of customer trust, costs of implementing security solutions, etc?

JD. The impact gets bigger every day, with new results published and reported by the media. Banks need to find a secure and cost-effective way of authenticating online banking users and to put this in their customer’s hands. The two-factor authentication approach should provide user identification without the need for a keyboard and is portable enabling use wherever a computer is present.

FST. US banks are now required to implement a two-factor authentication by the FFIEC in order to combat internet fraud. What is the basis of this mandate and how are current security measures falling short?

JD. Many banks are looking for a quick solution, such as more challenge questions or anomalies, or software that is specific to a particular computer. The challenge questions are nothing more than an extension of the name and password, while anomalies search only for what is out of the norm for a particular customer. So if, for example, a user was out of town and banking online they might get bumped from the system. Computer specific security is not portable and won’t meet the customer’s needs. The second factor should be something physical, easy to use and portable, much like an ATM card.

A true two-factor authentication must offer a secure encrypted exchange to validate identity. It must avoid the keyboard for entries (to avoid key loggers) and issue new tokens every 60 seconds specific to required transactions. imX Solutions is able to offer this today and, because the media used is a credit card-sized CD, it is also a low cost solution.

FST. What problems or barriers still exist to use of these methods and how might they be overcome?

JD. There are no barriers to implementing the imX Solutions offering because it requires no special hardware. The consumer will go through a short learning curve, not unlike they did with the ATM years ago, but as users become more and more computer savvy they are able to adopt the technology faster. These same users are now aware of phishing, pharming, keylogging and man-in-the-middle attacks and want to be protected from them.

FST. The problem of addressing online security threats is often described using the analogy of the cheetah and the gazelle – how can you ensure that your solutions are always ahead of the fraudsters?

JD. Our technology searches the host computer for evidence that attacks on the system have been made. You will know if a keylogger or Trojan attack has been made. Our solution goes through upgrades much like the best in class virus protection software. It is an ongoing process for protection from fraudsters and, again, if a card needs to be replaced it is done so at a very low cost again because of the media selected.