Industry News - Risk Base Authentication: the right approach for today’s security threats in online transactions environments
| | Multi Factor Authentication (MFA) is just a recent effort in guarding against fraud. Credit unions need a broad front of new programs to assure member confidence.
While many financial institutions are breathing a sigh of relief after implementing multi-factor authentication, it’s clear that security will continue to be in the forefront of IT initiatives as credit unions update systems to counter new attacks. The majority of Technology Survey respondents reported undertaking major security-related initiatives in 2007 or 2008. Financial institutions are finding the need to continually examine and adjust their practices in the face of new threats and technology advances.
As the use of electronic payments and billing increases, credit unions must be more vigilant than ever in identifying and stopping fraud online. Increasing use of online member applications and online loans offers great convenience and benefits for members but is also forcing credit unions to investigate better ways of confirming member identities. | New initiatives aimed at improving security and consumer comfort levels continue to change the competitive landscape. NACHA is working with a number of financial service industry stakeholders to develop a system to provide more secure payments by allowing consumers to authorize payments through their financial institutions directly to a vendor. The benefit is that consumers won’t have to give vendors their personal bank account info, and the payments go through quickly via ACH. The consumer goes from the vendor site to login with their financial institution and authorize the payment directly to the merchant. Several credit unions are expected to participate in the trial program being rolled out in 2007-08.
Improving and Adjusting Multi-Factor Authentication Systems
In the wake of the FFIEC recommendations, many credit unions found themselves implementing multi-factor authentication systems. The difficulty was that there was not much data on optimal systems for fighting fraud or industry best practices for implementation. Financial institutions found themselves under a tight deadline for evaluating providers and implementing new systems. Most of the Technology Survey respondents report that MFA is already in place or being implemented over the next year.
Post implementation, credit unions are finding the need to adjust their systems to better deal with the realities of member usage patterns and human nature. Depending on member demographics, some systems work better than others with highly mobile or non-technically oriented member segments. Some credit unions are realizing that the systems in place aren’t flexible enough to meet their member’s needs. Others are finding the need to adjust support practices for members who can’t remember their validation responses. While multi-factor authentication may have helped calm some of the fears of members who are currently online banking users, it is yet to be seen whether it will help convince other members to start using online banking.
Some financial service providers point out that the FFIEC guidance doesn’t require all financial institutions to adopt multi-factor solutions, but just complete a risk assessment.
But as more financial institutions adopt multi-factor authentication over the coming months, those who don’t have these systems in place may find themselves left behind as consumers come to expect more stringent online security measures.
Analyzing Transaction and Behavior Patterns
Security experts say that one of the best tools that credit unions have at their disposal is their own database of member transaction history and behavior patterns. Neural network systems that flag suspicious transactions are considered the fastest way to identify potential fraud and lessen its impact. As financial institutions look to reduce risk without relying on costly human methods, these systems may provide a cost-effective means of preventing fraud.
However, credit unions have to weigh security with member convenience. For example, too stringent controls may cause problems for members trying to access their funds or make payments while on a trip. As members make online payments in increasing numbers, rules and fraud scoring systems need to be adjusted to reflect this activity.
Regulators recently proposed new rules requiring financial institutions to have an identity theft program that includes “policies and procedures for detecting any “red flag” relevant to its operations and implementing a mitigation strategy appropriate for the level of risk”. The proposed regulations include guidelines listing patterns, practices, and specific forms of activity that should raise a “red flag” signaling a possible risk of identity theft. Credit unions will need to ensure their existing programs are detailed enough to meet and ideally exceed these regulatory requirements.
Develop an Action Plan to Handle Security Breaches
Even credit unions with the best systems in place can find themselves responding to a security breach by another partner provider. While it’s difficult to anticipate every fraud situation, credit unions should have action plans in place covering the major types of fraud seen today, including phishing, spoofing, internal security breaches, and vendor security breaches. These action plans should be periodically reviewed and updated to ensure appropriate personnel are involved.
Easy Solutions Inc, provides a simply and effective way to implemented a multifactor/multichannel risk based authentication systems based on the power of real device authentication provided by DetectID and complemented with intelligence of real time risk qualification features built within DetectTA.
Learn more about easy Solutions offering to fight against fraud by clicking here |
|
