Friday, April 17, 2009

Something Phishy About Bank's Not Using 2FA from HomeATM

Research shows that most online banking sites have inbuilt flaws which could potentially put valuable customer data into the wrong hands.

Now there is a way (since March 17th, 2009) to vastly increase the security of online banking. 

HomeATM engineered AND manufactures the world's FIRST and ONLY PIN Entry Device solely designed for online authentication and eCommerce to achieve PCI 2.0 certification.  What that means is:

Banks now have a choice.  They can use what many consider to be a very obsolete UserName/Password login OR they can provide a methodology which safely and securely authenticates their online banking customers with two-factor authentication. 

Logging on to a bank's online banking site is now quick/convenient and easy.
 

Bank customers would simply swipe their bankcard through HomeATM's SafeTPIN device and enter their bank assigned PIN. 

HomeATM is proud to introduce the security of "True" 2FA (two-factor authentication) to the online banking community AND provide the impetus for banks to procure more online banking customers via the allure of the most secure online banking platform in the industry.

I don't mean to oversimplify how easy it would be for a financial institution to implement "True 2FA" with HomeATM's device, but it's unavoidable.


To keep it short, I'll provide but one recent fact from Gartner Research:
According to research firm, Gartner, banks, online payment organizations and other financial institutions are bearing most of the financial cost of phishing attacks.  (A survey of nearly 4,000 US consumers revealed a 40% increase in the number of phishing victims in 2008 over the year before to five million.) 

The average loss was $350 per phishing attack, but consumers said they had recovered 56% of their losses from the financial institutions involved.  (That's $196 to the banks and $154 to the consumers)  "The findings underline the fact that the war against phishing is far from over," said Avivah Litan, analyst at Gartner.  (Yes, the very same Avivah Litan who says "never" enter your PIN on the Internet unless it's hardware based)
Guess what?  The HomeATM "SafeTPIN" device would not only eliminate "phishing attacks" but it would also eliminate the threat of "cloned cards," "cloned bank sites", AND provide "True 2FA." for online banking customers. 

Additional benefits include empowering online banking customers with the ability to perform:

  • Person to Person Money Transfers,
  • Bill Payment Online (with "True PIN" vs. PINless Debit)
  • Secure online transactions with online retailers.
As I said, I don't mean to oversimplify WHY they banks should investigate our solution further, but sometimes the simplest things in life are the best...aren't they?

In closing out this week's edition of the PIN Payments News Blog, 'll state one more "food for thought" item. 

According to a trustworthy source, Bank of America spent $129 Million on PCI DSS compliance last year. 

Now I'm not saying that our SafeTPIN device would eliminate the entire cost of PCI DSS compliance, BUT...on account of how we are "already" PCI 2.0 PED certified, any bank that utilizes our device for "True Two Factor Authentication" during the log-in process, would effectively be removed from the scope of PCI DSS requirements. 

  • at least for their online banking application
  • and Bill Pay
  • and online eCommerce Transactions
  • and Money Transfers
So...to anybody out there that knows some high level banking executives...pop me an email and let's talk. 

I'll make you some serious money, save the bank's some serious money, enhance the banks' image AND provide consumers with the peace of mind knowing that their financial information is secure!

Consumers fear financial security threats more than the threat of a terrorist attack (see graph on left)  

Here's a quote from:  Convenience or Security?  How About BOTH?

American's "DEFINITELY" want security.


In fact American's worry more about credit and debit card fraud than they do about a terrorist attack...according to a new report from Unisys.
 

Oh...and in quantity, our device costs about 10% of what it currently costs banks and consumers for each "phishing incident."  Simple...ain't it?












Reblog this post [with Zemanta]

Disqus for ePayment News