It may seem tedious, but verifying your identity when banking online, our Cash Management Experts agree, is a crucial security measure for any business. Below, we outline the good, the bad, and the necessary when it comes to authentication protocols and layered security controls that better detect and prevent online banking fraud.
Authentication describes the process of verifying the identity of a user when logging in to an online banking session. Typically, the user initially provides valid identification information and later matches one or more authentication credentials—something the user is, has or knows—to prove his identity.
Authentication methods are numerous, ranging from simple to complex, single-factor to multi-factor, and include security tokens and out-of-band authentication (OOBA).
Tokens, akin to electronic keys, are pocket-sized devices that either connect to your computer (USB tokens plug directly into the USB port and Smart Cards are inserted into an attached card reader) or generate a one-time password (OTP) every 30-60 seconds that must be entered into the login screen. They are considered a multi-factor authentication technique because they verify the user’s identity using two factors.
In the case of USB tokens and Smart Cards, the device must first be recognized (first factor) before the user is prompted to log in to the banking portal (second factor). With password-generating tokens, you must enter your username and password (first factor) and then the OTP generated by the token (second factor).
The Good: Small, durable, and easy to carry, tokens are extremely user-friendly. Because they’re tamper-resistant, time-sensitive/synchronous, and hard to duplicate, they prove to be a secure storage device for personal information. They can also save digital certificates that can be used in a public key infrastructure (PKI) environment.
The Bad: You must have access to the token whenever you want to log in to your online bank accounts from a remote location. Smart Cards also require an additional card reader attached to the computer and the compatible software. Even though their small size enhances tokens’ portability and usability, it makes them easier to lose.
When a user’s login attempt or transaction initiation seems suspicious or risky, deviating from the normal processing environment or transaction history (e.g., an unrecognized computer or connection, upgrades, an unusual geographic location, changed computer settings, or high or unusual wire or ACH amounts), out-of-band authentication requires you to identify yourself via another channel:
The Good: Even if criminals acquire your personal information through keystroke logging software, phishing or background checks, they cannot hack your accounts without access to your phone.
The phone works particularly well as an out-of-band channel because it provides a record of the call, the number dialed and answered, and time stamps from the telephone service provider, and it allows real-time voice biometric comparison.
Out-of-band authentication is simple, easy to use, and doesn’t require additional training or installation of hardware.
With fraudsters finding increasingly clever ways to hack into bank accounts, online criminal activity has become pervasive. Business owners can find themselves plagued with misappropriated funds, drained accounts, and fraudulent wire and ACH transfers.
In an online environment like that, multi-factor authentication, layered security controls, and annual risk assessments are becoming more essential than ever. Tokens and out-of-band authentication significantly reduce the chances of cybercriminals hijacking your accounts because most lack the time, resources, and technical sophistication to outmaneuver these security measures.
Tokens and out-of-band authentication: the necessary.
How do you know which authentication tools are right for your business? Your bank will assess the risk associated with your account—considering your industry, transactional capabilities, sensitivity of information, access to technology, and transaction volume—and suggest the authentication methods best suited to your needs.
Contact your financial institution’s Cash Management Department to learn more about tokens, out-of-band authentication, and safeguarding your confidential information!