Rethinking Multifactor Authentication

January 17, 2013
By: Sean Martin

How does your financial institution approach authentication?

A recent article by American Banker, 10 Big Ideas for Banking in 2013, shares thoughts on revising your authentication strategy as a way to improve your systems’ defenses. To be certain, while you are updating your security policies, hackers are revamping their attack methods, making authentication an essential factor to consider when developing your security strategies for 2013. 

Many banks currently are using knowledge-based authentication only. This is a tried-and-true method, but there are a few possibilities for hackers to compromise this form of authentication. For example, the Zeus Trojan could infect a customer’s system to capture keystrokes and forward those to a hacker. Or it can redirect users to a phishing site where they provide the correct answers to their security questions for hackers to then use. 

To be effective, several types of authentication should be considered for today’s security purposes, but the approach that your institution takes should reflect your customers. What information are your customers comfortable sharing? Do the majority of them use text messaging on their mobile phones? You can have various layers of authentication in place, but if your customers aren’t comfortable using them, the authentication won’t protect their information.

An additional factor to consider when choosing which methods of authentication to use is the guidance provided by regulatory agencies. For instance, the FFIEC advises the use of multifactor authentication: challenge/response approaches to authentication are not considered compliant unless coupled with something the user has (a PIN sent to a user’s cell phone) or something the user is (a fingerprint).

And even if you’re not a “big box” bank, don’t think your bank is at less risk from hackers: they assume that the IT budget for smaller institutions is lower. Authentication strategies are important for financial institutions of all sizes. The best authentication methods and strategies depend on your financial institution’s user base. So as you rethink authentication in 2013, ask these two critical questions:

  1. How comfortable are your customers with specific technologies? 
  2. What strategy is the easiest to implement based on your customer base, with cost effectiveness in mind? 

Security changes constantly, as do your users and the applications that they use to access their accounts. That’s why it’s more important than ever to stay updated on the level of authentication that’s best for your organization.

Sean Martin is an operations center manager and risk expert with Computer Services Inc. (CSI)’s Managed Services Division, a leading provider of cloud-based managed performance, security and IT-related services. Sean may be reached at sean.martin@csiweb.com

    Original Post: http://www.csiweb.com/Resources/Overview/Blog/TabId/312/PostId/23/rethinking-multifactor-authentication.aspx
