Authentify, the leader in phone based, totally out-of-band authentication, TOOBA, released its ETF Verifier™ application enabling financial applications and payment platforms to alert account owners whenever a new funds transfer destination is added to the user's account. The process permits the account owner to cancel a transaction they have not initiated.
"If I break into your home and steal jewelry, I still have to 'fence' the items to get cash"
Malware "loggers" like ZeuS capture everything typed on a user's keyboard including bank account numbers and passwords. A criminal must still get funds out of the account. Electronic funds transfer via wire transfer or e-payment applications have become the attack point. Adding a payee account number at an account the fraudster controls is the final step.
"If I break into your home and steal jewelry, I still have to 'fence' the items to get cash," according to Peter Tapling, Authentify's CEO. "The fraudsters must still turn those logged keystrokes into cash. Stop them from adding a new payee or transfer number to a compromised account and you stop the theft."
Authentify's ETF Verifier™ can be invoked whenever a new payee is added to an online payment or wire enabled account. The Totally Out-of-Band Authentication process or TOOBA, sends an XML message to Authentify's telephony service center. The message triggers a phone call to a telephone number for the account owner. Transaction details including payee identification is repeated via phone to the account owner and allows the user to approve or cancel the transaction via the telephone keypad.
"If you're not using your account and you're called regarding a transfer, you know something is wrong," according to Tapling. "The call provides the chance to stop the fraudulent transaction and delivers a red alert that there is a problem."
ETF Verifier™ is available immediately.