Let me begin with a short story, a true story. A good friend of mine’s house was recently broken into. He was asleep in bed when this event took place, and he heard nothing. In fact, when he got up in the morning, he didn’t even notice at first that the event had taken place, such was the subtlety of the break-in. The thief had managed to break a door lock, opening the door without making much sound at all. The technique was to snap off the front of the lock and use a screwdriver to open the door: very quiet and very quick.
Hearing about this made me take the time to check my own door locks, paying a small fortune to upgrade them to new, snap-proof locks with keys that cannot be easily copied – all for the sake of peace of mind. I raised my level of protection in the hope that would-be thieves would notice it and pass me by. As internet users, we continually seek to raise our level of security in the hope that cybercriminals will pause and move on to easier targets. While we are very proud of our achievement when we are not defrauded, the fact remains that someone down the road will be because they are the weaker target.
At Entersekt, we have seen perfect examples of this. Whenever a financial institution implements our technology, most types of fraud come to a complete stop, and fraud attempts practically disappear. Introducing our digital security and authentication solutions to a system makes it so difficult to commit fraud that fraudsters simply turn their attention elsewhere.
The process of raising the level of fraud prevention is something that financial institutions continue to undertake as losses due to fraud increase, damaging bank brands and distressing their customers. Risk-based authentication, a defense strategy that is now growing in popularity, offers improved security but also adds friction to the transaction process, often leaving the embarrassed customer with a “card declined” situation at checkout. And whereas analytics systems may be becoming more intelligent, fraudsters are also becoming more cunning in finding ways around security measures.
Interested in RBA? Read more in our latest blog on the topic, Demystifying risk-based authentication
Identity as security
There is a rising awareness of the need for an identification process that is secure, and yet can be shared across organizations; where a customer’s identity cannot be copied, and is uniquely linked to an individual.
A few years ago, a consortium of nine major Swiss service providers (including Raiffeisen and Credit Suisse) announced that they would be providing the country’s consumers with a single digital identity to use when paying for products and services online. Other, similar initiatives are springing forth across Europe, offering ways to secure personal identity through digital signatures increasing confidence for both the consumer and the service provider, while limiting opportunities for fraudsters.
Organizations are looking for ways to secure the point of entry and each stage of the transaction process. A strong, cryptographic key-based solution that cannot be easily copied – much like my new door locks – is not only secure, but provides a simple and convenient experience for the customer. Having the best lock in place is only one aspect of the solution: there also needs to be a means of securing the keys and encrypting any exchanged information. Entersekt’s solutions offers your organization all this, and more.
This post has been updated from its original version, first published on 8 January 2018.