
An article relating to this blog post on Finextra:

Financial institutions have lost battle to protect customer data - TowerGroup

US financial services firms have lost the battle to protect the personal information of customers and must now assume that all their clients' data has been, or will be, compromised, according to Tower...



Authentication Factors

Reaction to the article of TowerGroup

https://www.finextra.com/fullstory.asp?id=20137

Regarding the usage of "traditional" account information (name, address, birthdate...) as an authentication factor, I guess we can say that, at least in the Finextra Community, we know that this type of data has been compromised long before being put on the spot by the successive data breaches.

Even before the series of data breaches, this type of "traditional" information was already easily available on the web via the social networks and deep web search tools. There is always a trace somewhere even if you never enter your info on a website.

Concerning the recommendation of using knowledge-based authentication and one-time passwords delivered via SMS, I could not agree more.

The type of information that needs to be used for the authentication has to be dynamic, and the process itself must include an out-of-band channel to be insensitive to the latest hacking techniques.


Cedric Pariente


Stanford Certified Project Manager

EFFI Consultants


This post is from a series of posts in the group:

Transaction Fraud Systems and Analysis

A community for discussion of Transaction Fraud systems and analytical techniques for bank card and financial services organisations.

