The alliance brings together leading technology companies, such as PayPal and Lenovo, to revolutionise online security by addressing the limitations of current approaches to authentication. First among these is an over-reliance on passwords. Passwords are easily harvested in phishing attacks or by malware, and re-use across accounts leaves consumers and businesses vulnerable to broad security breaches, ending in identity theft, fraud and data loss.
“Not only are unique usernames and passwords difficult to create and remember, they no longer stand up to brute-force attacks, much less schemes developed by more creative, technologically-advanced identity thieves,” said Michael Barrett, president of the FIDO Alliance and chief information security officer (CISO) at PayPal. “The members of the FIDO Alliance all share this conviction. Together, we hope to develop and promote specifications that, with widespread adoption, will make the Internet a safer and more convenient place to access products and services, while limiting password dependency.”
Christiaan Brand, chief technology officer at Entersekt and already an active participant in the FIDO Alliance Technical Working Group, said: “Through the experience Entersekt has gained in building real-world, mobile authentication solutions for the financial services industry, we can, I believe, play a valuable part in the shaping of the FIDO specifications.
“Entersekt jumped at the chance to make a contribution to this important initiative, because we recognise in the alliance’s goals the same ambition that drives us,” Brand continued. “From its inception, Entersekt has sought to redefine online banking security by looking beyond the conventional. Our patented online authentication system avoids passwords by opening a fully encrypted, out-of-band communication channel between a bank and its online banking customers’ mobile devices using the Transakt application.”
Through simple prompts, Transakt directs users to accept or reject online banking transactions from outside the browser. It simultaneously verifies both the bank and the mobile device in use, eliminating the need for expensive hardware tokens or cumbersome one-time passwords. Transakt is certified in full compliance with Visa, MasterCard and American Express online card standards and is compatible with hundreds of models of mobile phones on all major platforms.
Both Entersekt and FIDO Alliance are attending NACHA’s PAYMENTS 2013 at the San Diego Convention Centre, 21 to 24 April.