Last updated: 20 March 2014
If you read the news as much as I do, you probably have seen a lot of advice about how to avoid having your financial details stolen this holiday season. It’s true that conducting banking transactions or shopping online does make you vulnerable to cybercriminals lurking in the background. But there are a lot of steps you can take to help protect yourself, and several articles out there right now cover the basics:
- Five Tips for Staying Safe While Shopping Online this Holiday Season
- How to Stay Safe when Holiday Shopping Online
- How the Experts Dodge Online Shopping Scams
The problem, though, is that even the most vigilant online bankers and shoppers are still at risk. This is because banks and e-commerce sites are still relying on old-school usernames and passwords for authentication, and they aren’t using transaction signing at all. They should, and they can. It’s actually easy to do using consumers’ mobile devices.
What do mobile devices have to do with authentication? Well, let me explain. We all know that smartphone usage is more popular than ever – smartphones are in more than 50 percent of U.S. homes and tablets are in almost 20 percent. Consumers carry their mobile devices with them everywhere. Instead of banks or e-commerce sites issuing consumers separate software or physical tokens for strong authentication, why don’t they turn the mobile device into a strong authentication token?
The vision for the mobile device as a token is simple: embed leading security standards in a mobile app that generates dynamic, multi-layer transaction verification and One-Time Passwords (OTP) for any channel, including m-banking, e-banking, e-commerce and phone banking. The app will also verify and sign transaction details using Sign-What-You-See functionality, countering the most advanced attacks such as Man-in-the-Middle and Man-in-the-Browser. Because everything is housed on the mobile device, customers aren’t inconvenienced, nor do they have to carry a separate device. I think they will actually find it kind of cool.
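To make the transaction-signing idea concrete, here is an added sketch (not code from this post or from any product) in which the phone derives a short code from the payee and amount it displays, and the bank recomputes it over the details it actually received. The HMAC-SHA-256 construction with RFC 4226-style truncation, the counter, the class and function names, and the key are all assumptions, since the post does not name an algorithm.

```python
import hashlib
import hmac
import struct


def signing_code(key: bytes, counter: int, payee: str, amount: str, digits: int = 6) -> str:
    """Short code bound to the transaction details shown on the phone (assumed scheme)."""
    msg = struct.pack(">Q", counter)
    # Length-prefix each field so ("AB", "C") and ("A", "BC") sign differently.
    for field in (payee, amount):
        data = field.encode("utf-8")
        msg += struct.pack(">H", len(data)) + data
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    # Dynamic truncation as in RFC 4226: the low nibble of the last byte picks the offset.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Bank:
    """Hypothetical server side: verifies the code over what the browser submitted."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_counter = 0

    def verify(self, counter: int, payee: str, amount: str, code: str) -> bool:
        if counter < self.next_counter:  # a used counter means a replayed code
            return False
        expected = signing_code(self.key, counter, payee, amount)
        if not hmac.compare_digest(expected, code):  # constant-time comparison
            return False
        self.next_counter = counter + 1  # advance only after a valid signature
        return True


def demo():
    key = b"constructed-demo-key-0123456789"  # constructed sample key, not a real secret
    bank = Bank(key)
    # The phone shows "Alice Ltd / 50.00" and the customer approves exactly that.
    code = signing_code(key, 0, "Alice Ltd", "50.00")
    # The browser session was altered in transit: the bank receives other details.
    tampered = bank.verify(0, "Mallory Inc", "5000.00", code)
    genuine = bank.verify(0, "Alice Ltd", "50.00", code)
    replayed = bank.verify(0, "Alice Ltd", "50.00", code)
    return tampered, genuine, replayed


if __name__ == "__main__":
    print(demo())
```

Unlike a plain OTP, which authenticates the session regardless of what is submitted in it, this code is only valid for the payee and amount the customer saw.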
Strong authentication doesn’t have to be complicated or high cost. I urge banks and e-commerce sites to think about simple ways to implement stronger authentication in 2013, like taking advantage of the ubiquity of the smart mobile device.