“According to RSA’s 2013 report, "The Year in Phishing", online banking fraud is a nationwide epidemic in which banks, which lost $1.5 billion in revenue last year from phishing attacks, are simply accepting losses instead of proactively adapting their defences,” said Christiaan Brand, chief technology officer at Entersekt, an innovator in transaction authentication technology. “What makes the issue complicated is the increased sophistication of hackers, but technology aimed at thwarting attacks is evolving too.”
According to the poll, almost six in 10 (58%) US adults would be at least somewhat willing to take an active role in securing their online banking transactions if this meant using their mobile phones to authenticate activities, such as purchases, logins, transfers or bill payments.
There is no shortage of products in the market that promise reliable consumer authentication. The most popular systems employ one-time passwords (OTPs), usually delivered to banking customers through hardware tokens or via text or automated voice messages on mobile phones.
“The fundamental flaw these products share is that they continue to rely on browser-based communications back to the bank,” continued Brand. “Banks are in the unenviable position of having to juggle robust security with consumer demand for convenient access. OTPs deliver neither.”
According to the poll, Americans access their accounts online 10 times per month, on average. Each of these logins is either an opportunity for hackers to steal valuable, personal information, or an opportunity for a bank to protect its customers and reputation.
Entersekt’s patented authentication system, Transakt, elegantly exploits a public/private key infrastructure to generate secure, isolated authentication loops between financial institutions and their individual customers’ mobile devices. Within this secure channel, industry standard electronic certificates are used to digitally sign bank customers’ responses to real-time 'Accept/Reject' transaction confirmation requests.
This second-factor, out-of-band channel counters phishing, man-in-the-middle/browser, keystroke logging, call forwarding and number porting attacks without using OTPs delivered via expensive hardware tokens or vulnerable text and voice messaging. Entersekt’s clients have all, without exception, seen online banking fraud eliminated since implementing the system.
Survey methodology
This survey was conducted online within the United States by Harris Interactive on behalf of Entersekt, from 14 to 16 May 2013, among 2 052 adults, aged 18 and older. This online survey is not based on a probability sample, and therefore, no estimate of theoretical sampling error can be calculated. For complete survey methodology, including weighting variables, please contact David Jones, 678 781 7238.