The Entersekt Blog

Industry news, security threats, and technology advances in consumer authentication.

Complimentary webinar recording: Securing Seven Billion Mobiles
13-08-2014|Entersekt Editor

With seven billion mobile phone subscribers globally, it’s imperative the financial services industry move quickly to roll out retail and corporate banking services on the one device their customers always have with them: their mobile phone. The channel has enormous potential, but many banks have hesitated to offer a complete range of financial services through it because of concerns over security.
Go beyond the FFIEC guidelines for authentication - they simply are not enough
06-08-2014|Entersekt Editor

While online banking fraud is not new, the losses that stem from it continue to increase year after year, as if today’s institutions are either unaware of or unconcerned with the problem.
SMS - A welcome invitation for fraudsters
31-07-2014|Entersekt Editor

It is no secret that one-time passwords (OTPs) have outlived their expiration date. These one-off strings of digits have proven to be neither secure nor convenient, especially when generated and dispatched to the customer’s mobile phone via the SMS channel, which is one of the most popular OTP delivery methods used by banks around the world.
Operation Emmental defeating SMS OTP
27-07-2014|Christiaan Brand

Another week brings us news of yet another breach of online systems supposedly protected by one-time passwords, this time at 34 banks in Switzerland, Sweden, Austria, and Japan. At this point, I’m strongly tempted to edit one-time passwords out of the Wikipedia article on multi-factor authentication. They’re so hopeless that they threaten to give our whole industry a bad name.
One-time-passwords a decade of failure
23-07-2014|Entersekt Editor

The intensity and sophistication of account takeover attacks continue to rise inexorably. Security breaches at trusted companies are in the news on a daily basis, with stolen consumer data acting as the new currency of the digital underworld.
Is two-factor authentication too much to ask of users?
09-07-2014|Schalk Nolte

Barely a day goes by without news of a high-profile security breach or announcement of a major security flaw affecting the Internet. Consumers have never felt more unsafe using digital channels to transact than they do now, but their use continues to grow nonetheless.
The Citadel Trojan - It's not gone yet...
03-06-2014|Entersekt Editor

The king of financial malware, Zeus, has many variants and one particular variant, the Citadel trojan, continues to pose a significant global threat, despite the rumors of its withdrawal from the crimeware market. According to McAfee Labs research, Citadel’s original developers, and perhaps others, are developing new variants that significantly extend Citadel’s functionality and threat profile.
Zeus-in-the-mobile - another reason to ditch OTP's
28-05-2014|Entersekt Editor

Zeus-in-the-mobile, or “Zitmo”, is the first program specifically designed to steal mobile transaction authentication numbers (mTANs) without mobile users noticing. The mTAN is an SMS-based form of one-time password (OTP) widely used by financial institutions for online transaction authentication. Since we know OTPs are vulnerable to attacks, it is not surprising that many banks and their customers have found themselves victims of this trojan, with ING and mBank, a Polish direct bank, being the first affected.
Typical 3-D Secure implementations are not working - time to take it to the next level
13-05-2014|Entersekt Editor

While we have established that 3-D Secure has proven beneficial to the industry by reducing fraud, lowering issuers’ operational costs and increasing card usage and retention, adoption of the standard is still being met with resistance from skeptics within the industry. Many wonder why this is the case, so let’s examine why many are still hesitant to fully adopt 3-D Secure and what the industry can do to solve these issues.
How the 3-D Secure standard affects your financial institution
07-05-2014|Entersekt Editor

The introduction of chip and PIN cards has significantly reduced cloning as a source of card fraud, particularly in Europe, but fraudsters, never idle for long, have switched their focus to a softer target – card-not-present online purchases. A few minor details on the credit card, which are all in plain sight, are all they need to make fraudulent transactions online.

Entersekt is an international software development company based just outside of Cape Town, South Africa.

We are leaders in authentication, app security, and payments enablement technology, offering a highly scalable solution set with a track record of success across multiple continents.