Han Dong, Senior Product Marketing Manager, User Authentication
Some thoughts on a couple of recent articles: one from Gartner Research, "Where Strong Authentication Fails and What You Can Do About It," by Avivah Litan, and a similar article by Jaikumar Vijayan in Computerworld, which also references Ms. Litan's article.
The basic idea presented in these two articles is that "one-time passwords...are no longer enough to protect online banking transactions against fraud." One-time password (OTP) token-based two-factor authentication methods may be compromised by man-in-the-browser malware that overwrites users' transactions to steal their assets. So the general recommendation from Avivah Litan is "A layered fraud prevention approach that includes server-based fraud detection and out-of-band transaction verification that precludes call forwarding to illegitimate user phone numbers can and has mitigated these threats."
We agree that OTP is not the end-all, be-all of security for the internet. In fact, VeriSign was recently recognized as a "best in class authentication technology solution" by Javelin Strategy & Research, primarily because VeriSign espouses a layered security approach to our customers for protecting online transactions. This approach includes Extended Validation SSL, which authenticates the website to a user with an easily identifiable green address bar; the VeriSign Identity Protection Fraud Detection Service, which delivers risk-based authentication to monitor particular user behavior and trigger authentication when abnormal patterns or behavior are noted; and the VeriSign Identity Protection Service, which provides one-time password (OTP) authentication to mitigate account takeover by requiring an additional factor that the user must present, in addition to username and password, to access critical accounts. OTP in and of itself is not a panacea, but it is part of a multi-layered security approach that anyone conducting business online should consider to protect their customers and business.
Fraud may be on the rise, so whom do you turn to for trust in the online world?
Easy, look for the check.