With the UK’s “Get Safe Online Week” drawing to a close today, hopefully awareness of fraudulent online activity is on the up. The campaign highlighted all sorts of risks consumers may face with online banking, online shopping and their use of smartphones to browse internet websites, and explained how they could take care and be aware.
Unfortunately, it is almost unavoidable that determined fraudsters will obtain bank details, although there are ways to prevent them from actually benefiting from the use of the details, namely multifactor authentication and out-of-band systems, as I’ve argued before in these blogs.
However, there was not a lot of information this week about how an individual can be sure that it is their bank and not a fraudster calling or emailing them. It is all too easy for individuals to be lured into a false sense of security when they receive calls from people claiming to be from their bank. As a result, they unwittingly provide the fraudster with personal information while ostensibly being asked to “verify” that they are the account holder.
Banks are (rightly) putting great emphasis on getting customers to identify themselves with security questions and one-time passwords, but how can bank customers feel similarly confident that the person on the other side of the phone really is from their bank?
Well, one approach that can help is for the customer and the bank to agree on a secret pre-recorded word or phrase – recorded by the customer. When the bank calls the customer, the customer hears a replay of the pre-recorded secret word or phrase and the customer can be assured that they are speaking to their bank and can carry on with confidence.
Mutual authentication – now there’s a thought!