One in four banks find it difficult to verify the identity of online banking customers

One in four banks find it difficult to verify the identity of online banking customers — Kaspersky Lab — “According to the research, in 2016, 30% of banks have had security incidents affecting banking services delivered via the internet — with phishing against customers, and using customer credentials for fraudulent activities, as the top contributing factor leading to the attacks.”

  • Willam Hugh Murray, CISSP

    Note that three out of four do not have such a problem. Many of those use mobiles to implement strong authentication schemes. Some of us will only do business with banks that offer such schemes.

    Strong authentication schemes are slightly less convenient than weak schemes like passwords but mobiles provide a reasonable balance between convenience and security.

    Wells Fargo is promoting mobile (cardless) access to ATMs. BoA is in the midst of its rollout. Wells Fargo is using a softwares only solution; this has given them a lead over BoA whose NFC hardware solution requires modification to thousands of ATMs. While I could not find one in NYC, we have them here in Fairfield County. (I know that TD Bank has cardless ATMs but have seen only local advertising.)

    Banks have been leaders in this space for decades. Magnetic stripe cards and PINs served us well for four decades until the cost of attack technology fell. Mobiles are the near future, replay-resistant biometrics are within a decade.