The Entersekt Blog

Industry news, security threats, and technology advances in consumer authentication.

Zeus-in-the-mobile - another reason to ditch OTP's
28-05-2014|Entersekt Editor

Zeus-in-the-mobile - another reason to ditch OTP's

Zeus-in-the-mobile, or “Zitmo”, is the first program specifically designed to steal mobile transaction authentication numbers (mTANs) without mobile users noticing. The mTAN is an SMS-based form of one-time password (OTP) widely used by financial institutions for online transaction authentication. Since we know OTPs are vulnerable to attacks, it is not surprising that many banks and their customers have found themselves victims of this trojan, with ING and mBank, a Polish direct bank, being the first affected.
Typical 3-D Secure implementations are not working - time to take it to the next level
13-05-2014|Entersekt Editor

Typical 3-D Secure implementations are not working - time to take it to the next level

While we have established that 3-D Secure has proven beneficial to the industry by reducing fraud, lowering issuers’ operational costs and increasing card usage and retention, adoption of the standard is still being met with resistance from skeptics within the industry. Many wonder why this is the case, so let’s examine why many are still hesitant to fully adopt 3-D Secure and what the industry can do to solve these issues.
How the 3-D Secure standard affects your financial institution
07-05-2014|Entersekt Editor

How the 3-D Secure standard affects your financial institution

The introduction of chip and PIN cards has significantly reduced cloning as a source of card fraud, particularly in Europe, but fraudsters, never idle for long, have switched their focus to a softer target – card-not-present online purchases. A few minor details on the credit card, which are all in plain sight, are all they need to make fraudulent transactions online.
PKI is dead. Long live PKI!
30-04-2014|Gerhard Oosthuizen

PKI is dead. Long live PKI!

I received a phishing email last night. Since Entersekt is in the business of protecting banking customers from online fraud, I like to check out these phishing sites to see their latest tricks. This one was a good copy; it even had that standard “Secured by XYZ” logo included, indicating the certificate authority (CA) supposedly used to secure the site.
Why is transaction signing important for U.S. banks?
23-04-2014|Entersekt Editor

Why is transaction signing important for U.S. banks?

While technology continues to evolve to help combat fraud, so do the strategies of savvy fraudsters. Protecting customer accounts, both consumer and business, has been a top priority for financial institutions everywhere for some time, but even more so now with the increased use of Internet and mobile banking channels. This is where transaction signing comes in.
3-D Secure - friend or foe?
16-04-2014|Dewald Nolte

3-D Secure - friend or foe?

Whether they’re house burglars or cyber criminals, crooks tend to go for the easiest target, the proverbial lowest hanging fruit. With card-present fraud a greater challenge since the advent of EMV, fraudsters have retooled and set their sights on the tantalizingly low fruit of the digital world – card-not-present payments in particular.
Monetary authority of Singapore's transaction signing regulations force U.S.financial institutions to look at new solutions
10-04-2014|Entersekt Editor

Monetary authority of Singapore's transaction signing regulations force U.S.financial institutions to look at new solutions

Protecting customer accounts, both consumer and business, is a top priority for financial institutions everywhere, especially in light of the growing security risks with online and mobile banking. The global nature of today’s financial world has also led many banks to offer international banking services to multinational corporations and consumers, which has complicated their ability to provide security.
Heartbleed? Not even close.
09-04-2014|Christiaan Brand

Heartbleed? Not even close.

An SSL vulnerability! Again. Of all the things that can go wrong with secure communications on the Internet, a bug inside one of the most widespread SSL libraries, OpenSSL, is definitely one of the worst. Officially referenced as CVE-2014-0160, the bug is aptly nicknamed “Heartbleed,” since it was discovered inside an OpenSSL heartbeat feature.
The secret to better business banking on mobile
02-04-2014|Entersekt Editor

The secret to better business banking on mobile

The increasingly global nature of business means many of us work differently now. Corporate treasurers are no exception. They’re more mobile than ever before and, having taken on a more strategic function within organizations, they face pressure to make informed decisions and act on them fast, wherever they happen to be. They want technology to help improve their productivity and facilitate real-time information sharing on the go, and they expect their banks to deliver the tools to do just that.
Mutual authentication helps prevent mobile banking fraud
26-03-2014|Entersekt Editor

Mutual authentication helps prevent mobile banking fraud

BankInfoSecurity reports that by 2017 there will be more than one billion mobile banking customers globally, proving yet again how transformative mobile technology continues to be in the lives of people everywhere. Of course, as the mobile banking channel takes off, so its attractiveness to cybercriminals will grow in direct proportion.

logo entersekt

Entersekt is an international software development company based just outside of Cape Town, South Africa.

We are leaders in authentication, app security, and payments enablement technology, offering a highly scalable solution set with a track record of success across multiple continents.