On the Internet, the bad guys are sadly winning the war against banks and other financial institutions. Cybercriminals are becoming more sophisticated, deploying blended threats against banking and payment networks, and using multiple access methods to steal money. Their market share is increasing too. This isn’t good news for legitimate businesses that want to stop money laundering, e-commerce threats, account takeovers, pre-paid debit card abuse and other online banking exploits.
Two-factor exploits (such as Emmental) have also grown, making three or more factor methods more important. And as more banking is done using mobile applications, institutions are faced with more challenging security requirements as customers can authenticate and conduct their business from anywhere and with any device.
In a white paper here, I describe these problems and how using a risk-based authentication approach can protect the entire lifecycle of banking activities as well as satisfy the needs of users for convenient and transparent access to their accounts.