Solutions for Security Management in Financial Industries
DynaPass™ is Compliant with Security Standards Defined by the FFIEC
Online banking started in the 1990s as the internet began to branch its roots into our every day lives. By the year 2000, 80% of U.S. banks were offering online services. Customer use begain slowly in ligiht of security concerns, but the greater accessibility of the internet and the convenience of online banking gave way to its explosive growth during the early 2000s. By 2009, an estimated 47% of U.S. adults were banking online. Banks have since also incorporated mobile banking, an extension of online banking using a smartphone application which relies on wireless internet. Mobile banking has seen a rise to 45% of bank customers.
Online banking allows you to checking your balance, manage your account, and pay bills among the many more services available 24 hours a day. While an increasing number of customers have embraced this convenience, the problem still at hand is security. Online banking requires special security measures considering the sensitive information that is being managed and exchanged. The greatest threat comes from identity theft and fraud that target customers through phishing scams and man-in-the-middle attacks. As the use the online banking and technology expands, so has the occurence,sophistication, and severity of these attacks.
The Federal Financial Institutions Examination Council (FFIEC)
The FFIEC, which supervises finanical institutions through standards and uniform principles, has acknowledged the growing threat cyber attacks and the need for better security and financial practices. The financial cost due to identity theft has been estimated in the billions and growing. With these astronomical losses and the vulnerability of standard user authentication, the FFIEC has issued issued new recommendations regarding reguarding online banking security in 2011. Among the new recommendations is emphasis on layered security, advanced risk assessment, and multi-factor user authentication. With the bulk of security breaches beginning at the user authentication level where standard authentication is highly vulnerable, we believe that a strong user authentication system can reduce unauthorized access to user accounts.
DynaPass™ Delivers True Two-Factor Authentication to Prevent Identity Fraud
- DynaPass™ -- provides secure Two-Factor, Two-Channel authentication for online banking access and transactions.
- DynaPay™ -- provides secure Two-Factor, Two-Channel authentication for use of debit cards and prepaid cards on the Internet without PIN exposure.
DynaPass™ delivers a simple yet effective two-factor authentication solution to combat the growing threat of cyber attacks and fraud. It is estimated that 99% of online banking customers own a mobile phone. By using the mobile phone as a second factor for user authentication, Dynapass™ makes it more difficult for an account to be compromised. DynaPass™ works by sending a one-time password sent via SMS text messaging in an out-of-band environment to the user's phone. The mobile phone will function as an identifying proof of a person similar to a token device or ATM card. DynaPass™ also offers advanced features that provide additional layers of security, such as password prefix/suffix and account access time frames.
Online Banking Presents the Highest Risk for Identity Fraud
- Billions lost in 2010 due to online banking identity fraud
- Increase and sophistication of phishing and man-in-the-middle attacks
- Networks have never allowed less expensive online PIN debit for fear of exposing PINs on the Internet; instead, merchants pay highest fees for processing as “card not present” credit card transactions
- FFIEC mandates multi-factor authentication for user authentication
The following table compares the cost and effectiveness of OTP devices
|OTP generated centrally and sent to phone via SMS||OTP generated by application downloaded to smart phone by user||OTP generated by a separate security token device|
|Potential portion of market
|> 100%||Less than 1% of mobile phones utilize token software on handsets||Less than 10% of corporate
market uses token devices
|Strength of security/market
|High level of security with high adoption rates using ubiquitous device and delivery method, the mobile phone and text messaging||High level of security with high adoption rates using ubiquitous device and delivery method, the mobile phone and text messaging||Moderate level of security with largest security breach reported in 2011.5 Adoption rates have decreased dramatically as tokens become unreliable and too costly to deploy/manage|
|Speed of OTP delivery||2-4 seconds||Immediate||> Every 20-30 seconds|
|Simplicity for user||Simple (SMS used by 100% of cell phone users)||Moderate
|Used only by large enterprise /
|Cost of capable phone and
or token device
|Available, regardless of
cell service carrier?
|Requires cell network