Slide background

The Entersekt blog.

Industry news, security threats, and technology advances in consumer authentication
Brazil’s Pix payments: Vulnerabilities and how to mitigate them

Brazil’s Pix payments: Vulnerabilities and how to mitigate them


Entersekt asked Americas Market Intelligence to explain to readers of our blog how Brazil’s incoming instant payment system works. As a global specialist in user authentication, strong device ID, and secure QR payments, we support the Brazilian Central Bank’s vision of a nation-wide digital payments system, free to all and as accessible to the unbanked as it is to cardholders.

Read More ...

Snippet: While online banking fraud is not new, the losses that stem from it continue to increase year after year, as if today’s institutions are either unaware or unconcerned with the problem.

While online banking fraud is not new, the losses that stem from it continue to increase year after year, as if today’s institutions are either unaware or unconcerned with the problem.

Snippet: It is no secret that one-time passwords (OTPs) have outlived their expiration date. These one-off strings of digits have proven to be neither secure nor convenient, especially when generated and dispatched to the customer’s mobile phone via the SMS channel, which is one of the most popular OTP delivery methods used by banks around the world.

It is no secret that one-time passwords (OTPs) have outlived their expiration date. These one-off strings of digits have proven to be neither secure nor convenient, especially when generated and dispatched to the customer’s mobile phone via the SMS channel, which is one of the most popular OTP delivery methods used by banks around the world.

Snippet: Another week brings us news of yet another breach of online systems supposedly protected by one-time passwords, this time at 34 banks in Switzerland, Sweden, Austria, and Japan. At this point, I’m strongly tempted to edit one-time passwords out of the Wikipedia article on multi-factor authentication.

Another week brings us news of yet another breach of online systems supposedly protected by one-time passwords, this time at 34 banks in Switzerland, Sweden, Austria, and Japan. At this point, I’m strongly tempted to edit one-time passwords out of the Wikipedia article on multi-factor authentication.

Snippet: The intensity and sophistication of account takeover attacks continues to rise inexorably. Security breaches at trusted companies are in the news on a daily basis, with stolen consumer data acting as the new currency of the digital underworld.

The intensity and sophistication of account takeover attacks continues to rise inexorably. Security breaches at trusted companies are in the news on a daily basis, with stolen consumer data acting as the new currency of the digital underworld.

Snippet: Barely a day goes by without news of a high-profile security breach or announcement of a major security flaw affecting the Internet. Consumers have never felt more unsafe using digital channels to transact than they do now, but their use continues to grow nonetheless.

Barely a day goes by without news of a high-profile security breach or announcement of a major security flaw affecting the Internet. Consumers have never felt more unsafe using digital channels to transact than they do now, but their use continues to grow nonetheless.

Snippet: The king of financial malware, Zeus, has many variants and one particular variant, the Citadel trojan, continues to pose a significant global threat, despite the rumors of its withdrawal from the crimeware market.

The king of financial malware, Zeus, has many variants and one particular variant, the Citadel trojan, continues to pose a significant global threat, despite the rumors of its withdrawal from the crimeware market.

Snippet: Zeus-in-the-mobile, or “Zitmo”, is the first program specifically designed to steal mobile transaction authentication numbers (mTANs) without mobile users noticing. The mTAN is an SMS-based form of one-time password (OTP) widely used by financial institutions for online transaction authentication.

Zeus-in-the-mobile, or “Zitmo”, is the first program specifically designed to steal mobile transaction authentication numbers (mTANs) without mobile users noticing. The mTAN is an SMS-based form of one-time password (OTP) widely used by financial institutions for online transaction authentication.

Snippet: While we have established that 3-D Secure has proven beneficial to the industry by reducing fraud, lowering issuers’ operational costs and increasing card usage and retention, adoption of the standard is still being met with resistance from skeptics within the industry.

While we have established that 3-D Secure has proven beneficial to the industry by reducing fraud, lowering issuers’ operational costs and increasing card usage and retention, adoption of the standard is still being met with resistance from skeptics within the industry.

Snippet: The introduction of chip and PIN cards has significantly reduced cloning as a source of card fraud, particularly in Europe, but fraudsters, never idle for long, have switched their focus to a softer target – card-not-present online purchases.

The introduction of chip and PIN cards has significantly reduced cloning as a source of card fraud, particularly in Europe, but fraudsters, never idle for long, have switched their focus to a softer target – card-not-present online purchases.

Snippet: I received a phishing email last night. Since Entersekt is in the business of protecting banking customers from online fraud, I like to check out these phishing sites to see their latest tricks. This one was a good copy; it even had that standard “Secured by XYZ” logo included, indicating the certificate authority (CA) supposedly used to secure the site.

I received a phishing email last night. Since Entersekt is in the business of protecting banking customers from online fraud, I like to check out these phishing sites to see their latest tricks. This one was a good copy; it even had that standard “Secured by XYZ” logo included, indicating the certificate authority (CA) supposedly used to secure the site.

Entersekt Logo

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.