Source: Authentify, For Immediate Release
Secure second channel protects online and mobile banking customers from man-in-the-middle and man-in-the-browser cyber attacks
Here’s how it works. The bank customer activates a small, convenient app on their smartphone or PC and links it securely to their account using voice or SMS-based OOB authentication. Once this is done, the 2CHK app is “always on” and maintains a secure channel to Authentify’s authentication service. The bank or ecommerce provider can then use this second channel and the 2CHK app to securely show customers the actual transaction details and let them approve or reject them.
The first key benefit is security. 2CHK complements online and mobile banking by providing a completely separate app and OOB channel that, due to layers of encryption, cannot be defeated by man-in-the-middle and man-in-the-browser attacks.
The second key benefit is convenience. Customers see transactions in the 2CHK app and can confirm or reject them easily. This contrasts with traditional OOB implementations that send a one-time password (OTP) number using a phone call or text message, which the customer then re-enters separately in the online or mobile bank app.
Authentify is targeting online banking and ecommerce providers as well as enterprise IT security applications with 2CHK. In the enterprise market, 2CHK enables businesses to implement more effective security more widely for logins, identity verification or digital signatures without losing productivity or inconveniencing users.
Authentify is already the global leader in telephone-based OOB authentication, a proven and effective countermeasure recommended by federal authorities, regulators and leading consulting firms. OOB authentication is used by banks, ecommerce providers and enterprises to protect customers or users against sophisticated man-in-the-middle and man-in-the-browser attacks used to steal login credentials or hijack online sessions.
Authentify customers indicate that OOB authentication is a very valuable component of their authentication and risk management portfolio and they would like to do more of it. Authentify invented 2CHK to provide a mechanism to preserve the security/risk management value of OOB authentication without incurring variable transactional costs.
2CHK is the perfect complement to risk-based transaction systems because it is a true Web service (SaaS) and can be invoked with different levels of user interaction for different transaction types. The capability to add OOB safeguards within multiple layer security models fulfills industry best practices as recommended by the Federal Financial Institutions Examination Council (FFIEC), Gartner Research, Inc., the FBI, the U.S. Secret Service and NACHA, the organization responsible for clearing U.S. online and banking transactions.
“Out-of-Band or dedicated hardware-based transaction verification uses a different communication channel to verify the authenticity of a transaction request,” said Avivah Litan, vice president and distinguished analyst at Gartner Research. “It is a valuable fraud prevention tool — as long as only the specific transaction verified or signed by the requesting user is executed (as opposed to a transaction that a criminal has overwritten with his or her own values).” [1]
“Our customers include some of the world’s largest banks, ecommerce providers and enterprises and we have been engaged with them throughout our development of 2CHK. Their feedback indicates we have created a unique solution that sets a new standard for convenient and cost-effective transaction security,” said Peter Tapling, Authentify president & CEO.
Authentify will be demonstrating 2CHK in Las Vegas and London next week:
- In booth 611 in the Fraud Prevention Pavilion at BAI Payments Connect 2012, taking place at the Mirage Hotel in Las Vegas from March 12th to the 14th
- At the e-Crime Congress, an event sponsored by Authentify, on March 13th and 14th in the Victoria Park Plaza Hotel, London
About Authentify, Inc.
Authentify, Inc. is the world’s leading provider of telephone-based Out-of-Band authentication services. Clients include five of the world's top ten banks, three of the five largest ecommerce websites and two of the top four insurance companies in North America. These multi-factor authentication (MFA) services enable organizations that need strong security to quickly and cost-effectively add two-factor or multi-factor authentication layers to user logons, transaction verifications or critical changes such as adding an ACH payee, resetting passwords or changing contact information. The company's patented technology employs a service oriented message architecture and XML API to seamlessly integrate into existing security processes. Authentify markets primarily to financial services firms that need to protect their clients' online accounts, corporate security professionals managing access control, and e-merchants who want to limit fraud on their sites.