Responsible financial institutions understand the importance of improving security to protect their banking clientele. The key to implementing improved security effectively is to balance security with the overall user experience and streamline steps between initiating and completing transactions. One of the most popular methods, SMS OTPs, provides convenience but is also susceptible to well-known malware threats. This does not, however, diminish mobile devices' usefulness in the fight against fraud. Native capabilities that can leverage out-of-band data networks take transactions off infected desktop and SMS channels providing a secure method of transaction completion. By using this option, financial institutions can reduce fraud and improve the secure user experience.
Banks are providing options for an additional authentication factor to approve transactions, but not all methods are created equal.
SMS does not provide the necessary level of security for banking transactions; however, mobile devices have other native capabilities that may be leveraged.
Leveraging mobile's out-of-band data capabilities provides banks with a platform for taking transactions off the infected desktop channel and completing "identity-assured" transactions.
This holds the promise of providing financial institutions with safe, convenient and always-in-hand solutions to secure identities and transactions across various environments.
The use of mobile devices and other out-of-band security capabilities may be used to empower customers to better secure online transactions and defeat malicious fraud attacks that attempt to highjack customer accounts. This movement holds the promise of safe, convenient and always-in-hand solutions to secure identities and transactions across various environments.
Identity-assured transactions are a proven defense against malware, advanced persistent threats and other online fraud. Moving transactions out-of-band to the mobile channel allows customers to review exact transaction details, and also provide real-time confirmation and approval from the convenience of a smartphone.
The two-pronged approach - first secure the device, then leverage it to improve security - is an effective method to reduce business risk and introduce new, innovative transactional services that improve the user experience for customers and employees. It's a true differentiator in an already competitive marketplace.
Soroko is Head of Malware Research for Entrust. Soroko has spent more than 10 years with Entrust in various developer or architect roles. As malware becomes more advanced, the need for Entrust to understand evolving threats requires considerable investment. Soroko frequents security conferences and tradeshows to educate the industry on identity-based security and ensures Entrust stays at the forefront of understanding this offensive capabilities possessed by today's malicious actors. Prior to joining Entrust, Jason worked in Geographic Information Systems (GIS) for the oil and gas industry.