20 July 2018
Nick Ogden

71326

Nick Ogden - ClearBank

46Posts 191,370Views 33Comments
Online Banking

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

Secure transactions - It takes two

15 March 2010  |  3776 views  |  1

It’s hard to ignore – card fraud in the UK is a significant burden, still running at over £440 million according to the latest figures from the UK Payments Association. Not surprisingly the nature of this threat has evolved dramatically in recent years. It has moved away from face to face fraud, largely eliminated through the introduction of EMV and Chip & PIN, and into online channels, in the form of Card Not Present attacks against both e-commerce sites and online banking.

The UK Cards Association paints a rather bleak picture with losses from online banking fraud increasing to £59.7 million in 2009, an 18 per cent rise on 2008 and more than doubling since 2007 when there were £22.6 million of losses. With the economic slowdown of the last 18 months coupled with more uncertainty on the horizon, the safety of our money and security of our identity is extremely precious and the public need a solution they can trust and that tackles the security of transactions across multiple channels.

Why introduce a second channel?

When online, the channel you are using (the electronic line of communication over the computer) is subject to malware scams and phishing attacks, an increasing threat due to criminals employing more sophisticated methods to target this growing market. With this in mind it is evident that the genuine user must personally authorise, and adequately authenticate themselves to prevent these threats from materialising. 

The solution arguably resides in having a multi-faceted security model where there is a secondary channel to re-authenticate the user, thus preventing the impersonation by an imposter hi-jacking an electronic line of communication. The most obvious second channel device for me is the mobile phone.

Why use a mobile device as the second channel?

The mobile phone is not only ubiquitous, but perhaps more importantly almost always on our person and has come to be a device that many cannot live without. The mobile also already contains strong security systems including the addition of anti-malware and the screening of traffic by the mobile service providers to ensure reliability of channel.

It is more than likely that fraudulent attacks will only grow as we increasingly go online for our e-commerce and banking needs. With the ongoing uncertainty of the economy set to continue, in 2010 we will arguably demand a more secure method of authenticating and authorising our transactions. The two channel method offers a solution to this end and the mobile phone is the most natural and obvious device as the second channel.

TagsSecurityPayments

Comments: (1)

Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney 16 March, 2010, 12:47

Using a second, redundant channel to harden authentication does have a superficial attraction.  Security geeks like redundancy, so that's good.  And yes the mobile phone is almost ubiquitous (although in itself that doesn't make it inherently convenient if you needed to use your phone to confirm first-channel transactions like ATM withdrawls and POS payments all the time).

But a more important security principle is K.I.S.S!  I say let's make the first channel properly secure before we start to augment it with additional cumbersome, time-charged, and performance-limited channels like mobile telephony. 

Yes the primary (Internet) channel needs help.  I say let's add digital signatures from trusted chip devices like EMV cards, rather than add a whole extra channel.  If we simply signed our remote transactions using a chip at the browser then we could eliminate replay attack of stolen account numbers today.

 

Be the first to give this comment the thumbs up 0 thumb ups!
Comment on this story (membership required)

Latest posts from Nick

How do Fintech entrepreneurs get help?

08 January 2018  |  14715 views  |  0 comments | recomends Recommends 0 TagsInnovationStart upsGroupFintech innovation and startups

Negative Interest Rates - UK banks introduce plans to charge their customers

04 February 2016  |  3348 views  |  0 comments | recomends Recommends 0 TagsRetail bankingTransaction banking

Competition probe, your views count!

18 July 2014  |  2916 views  |  1 comments | recomends Recommends 0 TagsPaymentsRetail banking

Birth of a new Currency?

16 July 2014  |  2860 views  |  0 comments | recomends Recommends 0 TagsPaymentsRetail banking

Non Bank, Business Bank Accounts?

22 April 2013  |  3957 views  |  0 comments | recomends Recommends 0 TagsMobile & onlinePaymentsGroupInnovation in Financial Services

Nick's profile

job title Executive Chairman
location London
member since 2012
Summary profile See full profile »
I am passionate about business change and have been fortunate to have had some success with my various start up ventures. I am also fortunate to be a director of the UK Faster Payments Scheme.

Nick's expertise

Member since 2008
45 posts33 comments
What Nick reads

Who's commenting on Nick's posts