Two factor authentication is not enough

Chris Skinner does a great job in this article of describing the challenges facing banks, and validates the points we have discussed about the importance of following customers’ patterns.

…   the result is five-factor authentication for online and offline banking services. The five factors being:

  • something you have, such as a card, a key or a radio frequency chip;
  • something you know, such as a PIN, a password or an answer to a unique question;
  • something you are, such as your unique way of signing or your voiceprint;
  • your behaviours, based upon your usual transactions and whether this transaction fits that profile; and
  • your location, and whether this is a place you would normally transact.

Source: Finextra: comment – Who are you?

The sophistication of criminals grows exponentially, and it's just plain ludicrous to assume one solution will solve future crimes. We have seen how ‘man in the middle’ attacks can subvert CAP/Verified by Visa, for example.

The solutions have to be layered, and pervasive.

If they are called ‘Joe Brown’, performing online bill payments, have passed all the normal identification checks, do not appear to be doing any unusual activities based upon past behaviours and are in New York, then that passes under the radar. If all other factors are acceptable, except that they happen to be in a town where Joe Brown would not normally be using online banking, then the alarm appears and additional security can be used to check it really is Joe.
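The layered decision in the Joe Brown scenario can be sketched as a risk-based check over the five factors. This is an added example, not code from the original post or the quoted article. The customer history, the `Event` fields, the 3-sigma amount threshold and the choice to deny outright when a have/know/are factor fails are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample history for a hypothetical customer "Joe Brown":
# (transaction type, amount in USD, city)
HISTORY = [
    ("bill_payment", 120.0, "New York"),
    ("bill_payment", 95.0, "New York"),
    ("bill_payment", 140.0, "New York"),
    ("transfer", 300.0, "New York"),
    ("bill_payment", 110.0, "Newark"),
]

@dataclass
class Event:
    has_token: bool      # something you have
    knows_secret: bool   # something you know
    biometric_ok: bool   # something you are
    tx_type: str         # input to the behaviour factor
    amount: float
    city: str            # input to the location factor

def behaviour_fits(event, history, max_sigma=3.0):
    """Behaviour factor: known transaction type, and amount within max_sigma
    standard deviations of past amounts for that type (assumed threshold)."""
    amounts = [a for t, a, _ in history if t == event.tx_type]
    if not amounts:
        return False                  # never seen this kind of transaction
    spread = pstdev(amounts) or 1.0   # avoid a zero spread with one sample
    return abs(event.amount - mean(amounts)) <= max_sigma * spread

def location_fits(event, history):
    """Location factor: city already present in this customer's history."""
    return event.city in {c for _, _, c in history}

def decide(event, history=HISTORY):
    """Return 'deny', 'step_up' or 'allow' from the five factors."""
    if not (event.has_token and event.knows_secret and event.biometric_ok):
        return "deny"      # assumed policy: a failed hard factor is refused
    if behaviour_fits(event, history) and location_fits(event, history):
        return "allow"     # fits the profile, so it passes under the radar
    return "step_up"       # unusual behaviour or place: ask for more proof
```

A bill payment of 130 from New York returns `allow`, while the same payment from a city absent from the history returns `step_up`, matching the alarm case in the paragraph above.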

A fascinating stat included is the level of attacks on Bank of America every hour!

  • 150,000 paper pages of data being disposed of incorrectly;
  • 16,000 ‘sniffer’ intrusions on their Website;
  • 175 denial of service attacks; and
  • 3 brand new phishing Websites launched targeted at Bank of America.

Every hour of every day.
