Financial institutions are deploying new authentication technologies — like graphical watermarks — to hamper hackers who can somehow slip past biometric and token technologies, experts tell TechNewsWorld.
“We’ve seen evidence of new Trojans that bypass most two-factor authentication devices — e.g. tokens and biometrics — by waiting for the user to authenticate at log-in,” said Naftali Bennett, chief executive officer of Cyota, a developer of authentication technologies based in New York City.
“Once authenticated, these Trojans come alive and drain the accounts behind the scenes. Unlike spyware or phishing, there is no need to capture the target’s ID or password. Once they open the door, the thief walks in behind them.”
Developers like Cyota have created new technologies to combat that phenomenon. A next-generation digital watermark called eStamp released last week by Cyota verifies a bank account-holder’s identity with a personalized graphical watermark — before they divulge sensitive information.
The digital watermark is not cookie-based. A study released by Jupiter Research indicates that most users routinely delete cookies every month. Since the majority of security for online banking has relied on cookies, this has harmed security, experts believe. The cost is said to be 10 cents per PC user per year.
About four years ago, companies began working behind the scenes with Mastercard and Visa, among others, to develop new, digital watermark technologies, and the Cyota project is the first to come to fruition. The first generation of the technology has been in use for years by 15 of the world’s largest banks, and thousands of smaller banks worldwide.
New guidance was issued by the government’s Federal Deposit Insurance Corporation last month, suggesting that banks improve their own security infrastructure as well as buttress the security on their customer’s home PCs.
Some in the industry, however, are critical about the guidance. “Banks cannot expect or enforce customers to keep spyware out of their computers, but banks can take steps to eliminate or minimize the damage that spyware causes,” said Bennett.
The new technology from Cyota works from any device or location — so consumers can employ it at home. The risk-based authentication technology scans through a database of fraud patterns to discern risky transactions.
There are other new technology approaches too — coming online — which will help prevent hackers from gaining access to one’s computer banking account.
The first step is analysis of internal processes. According to John Pironti, the principal security consultant at Unisys, financial institutions need to “differentiate” the layers of protection. “They need to ask themselves the tough questions: How much security is enough? How is someone going to attack? What are the impacts, the threats and the likelihood they will occur?”
The worry, business consultants say, is that too much technology can be an inhibitor. It may dampen online commerce, and, thus, harm the U.S. economy, which benefits from the productivity provided by the Internet.
According to Sam Curry, a vice president at Computer Associates in its e-trust security management unit, security that is too “esoteric” can be a business inhibitor. The new guidance coming from the feds may change that, however. “Regulations are forcing the bridge between security in general and business needs,” said Curry.