Barely a day goes by without news of a high-profile security breach or announcement of a major security flaw affecting the Internet. Consumers have never felt more unsafe using digital channels to transact than they do now, but their use continues to grow nonetheless. 

With the enormous increase in cybercrime and consequent sense of mistrust, security software providers enjoy a fast-growing market, with banks and other online service providers assessing an ever-expanding range of digital fraud mitigation products and services. 

Pause for thought

Surveying the authentication offerings out there, I’ve often found myself questioning whether banks aren’t asking too much of their customers. (Not our customers, you’ll understand, but those that have not sufficiently interrogated the most popular industry solutions.) Let me explain.

Online users are, to my mind, being asked to carry an increasing burden when it comes to securing digital banking channels. Under the banner of user education, tech-savvy and tech-challenged users alike are warned to approach third-party emails with circumspection; repeatedly told to check web site URLs and SSL certificates; exhorted to keep their anti-virus protection up to date and not to download software or mobile apps from untrusted sources.

Is expecting users to protect themselves in this way feasible in a constantly evolving threat landscape? What toll does this information take on their peace of mind, on the trust relationship banks hope to build and maintain? Does the “noise” around cybercrime empower consumers or stress them to the point that they think twice about transacting online?

Fear’s a factor, but so is annoyance

Too many attempts at boosting online security have had a detrimental effect on the user experience. The introduction of two-factor authentication (2FA) has, for example, resulted in large numbers of people having to carry dongles or USB sticks or having to input a unique six- or eight-digit alphanumerical code sent to them via text message: the one-time password (OTP).

Users dread OTPs – the time-sapping, clumsy retyping of them into the browser, the inevitable errors. The hassle might be worthwhile if OTPs actually protected online users. Unfortunately, they don’t. (I invite you to download Entersekt’s white paper, “OTP: Security past its expiration date”, for more on this topic.)

Aside from the technology’s many other vulnerabilities, OTP requires you to study each code carefully to copy it correctly. In so doing, you can easily miss the details of the transaction you are authenticating. Fraudsters count on this as much as they count on intercepting the code as you re-enter it into your browser. In South Africa, successful phishing attacks on OTP-protected accounts and transactions resulted in losses to banks of $30 million in 2012. Most banks in countries with a history of using OTP systems, South Africa included, are moving away from them fast.

Re-engineering 2FA for a confident user base

Entersekt has developed a user and transaction authentication solution that provides state-of-the-art security – a closed PKI-based communication channel running from the bank’s servers to a secure crypto stack on each banking customer’s mobile device – while making transacting that much easier for the user. 

From the user’s perspective, the only information that they receive – the only thing they need to take into account – is the details of the actual transaction taking place. There are no codes to retype at any point in the one-touch Accept/Reject process. All the heavy lifting is done behind the scenes. Users don’t know what security is being employed by their bank. Why should they have to worry about that? The only comment we hear from our end-users is, “Wow – it is so easy to use!”

Looking at the last 100 million authentications for sensitive online banking transactions performed using Entersekt’s Transakt product, the average number per customer per month is around five.

Is authenticating five transactions a month through a simple Accept/Reject response on a mobile app asking more of a user than having them worry about suspect URLs, malware, SSL certificates, mobile phone vulnerabilities and entering an alphanumerical code into a browser – none of which will actually protect them?

Answers in the comments below!

Schalk Nolte

CEO, BOARD MEMBER

As CEO, Schalk has presided over a decade of extraordinary growth at Entersekt. His passion for entrepreneurship and his relationships in key industries have aided us on our path from fintech start-up to market leader. His energy, instinct and keen focus on the fundamentals leave no room for half measures.
