Multi-factor authentication for home banking

Flask Data provides a one-stop cloud subscription for EDC, data management and statistics.

For fear of becomming(sic) the next victim of identity theft, 150 million U.S. consumers don’t bank online, according to experts. But the banking industry could improve profitability by as much as $8.3 billion per year if banks build consumers’ confidence in online security, according to the TriCipher Consumer Online Banking Study, conducted by Javelin Strategy & Research for TriCipher, a Los Gatos, Calif.-based authentication solutions provider.

I don’t doubt that US banks, after having received all that tax payer money, will spend some of it on biometrics and multi-factor authentication. I predict that they will eventually abandon ship on authentication technology for home banking, when they realize that authentication technology doesn’t protect their customers on the Internet.

Multi-factor doesn’t prevent phishing. It doesn’t prevent identity theft. It doesn’t  secure online accounts from fraudulent transactions.  Take two attacks for example:

Man in the middle – an attacker sets up a fake banking web site and gets people to login, by passing the request for authentication thru to the real bank – the attacker doesn’t care if the user is authenticated with  biometrics or with out of band SMS messages – that’s great.   He still gets the user into his system in order to harvest usernames, passwords, credit cards and account numbers

Trojan horse
– an attacker distributes a Trojan on a CD or from a online adult content site.  When the user logs in to the bona-fide banking site, he can use the connection to perform fraudulent transactions – like account withdrawals and funds transfers while the user is logged-in and authenticated.

Multi-factor and biometrics work well in a controlled environment like a corporate local area network but in the wild – the threats are changing too fast for multi-factor authentication solutions to provide effective data security.

What will get more people to use online banking?

  • Trusting their bank.
  • Banks that don’t lose customer data
  • A simple but robust online login method (account, username, password) that uses offline, face to face authentication to validate identity before issuing a username/password and enforces strong, frequently updated passwords.
  • Education about the dangers of phishing
  • A well engineered online banking web site that doesn’t require hardware dongles and Java or ActiveX client software
Related Posts Plugin for WordPress, Blogger...

Flask Data is a technology company with a strong people focus. We are a diverse group of computer scientists and clinical operations specialists based in Israel, the US and India. We are accomplished at providing our customers with the most effective way to achieve high quality clinical data and assure patient safety. There is no single solution that works for every clinical trial. We work hard to understand your unique situation. We work with your team to develop the best solution to achieve high quality clinical data and assure patient safety the same day you engage with patients.

Flask Data – same data data and safety solutions for clinical trials.

Contact us to learn more

Tell your friends and colleagues about us. Thanks!
Share this

Leave a Reply