Gartner report vindicates Todos’s approach to transaction verification.
GOTHENBURG, SWEDEN — MARCH 17 2010 — “Fraudsters are beating strong two-factor authentication and are proving that any authentication method that relies on browser communications can be defeated,” says a recent report from Gartner, an IT research firm.
Using malware, fraudsters have been able to intercept users’ logins and hijack authorised sessions or overwrite the legitimate transactions with their own. Even systems that rely on phone or SMS authentication are vulnerable to call redirection and social engineering.
Gartner makes a number of recommendations to defeat this threat. First, the report recommends that banks verify individual transactions as well as online banking logins. Todos’s Sign-what-you-see technology allows banks to do exactly that. The user can verify the payee and amount of individual transactions on selected Todos authenticators and via our onMobile solution. This makes it harder for criminals to overwrite legitimate user transactions.
Second, Gartner says “enterprises should not deluge users with transaction verification requests, and should keep them simple and confined to high-risk transactions, so that users are sure to pay detailed attention to them.” Todos has a solution for that too: Dynamic Signatures. This allows banks to request additional verification (such as a sign-what-you-see request) for transactions based on ‘riskiness’. So, for example, a small payment to a regular recipient is fine, but a large, one-off payment triggers additional authentication.
Third, the company recommends the use of out-of-band communications that prevent calls being forwarded. Todos’s next-generation connectible smart card readers support a secure channel between the reader and the bank that bypasses the browser altogether. This patent-protected innovation, called Autograf, is unique to Todos and prevents man-in-the-middle attacks.
These technologies – Sign-what-you-see, out-of-band communication channels and Dynamic Signatures – are also available on smart phones using Todos onMobile. In addition, Secure Domain Separation – another unique Todos technology – keeps banking and ecommerce authentication separate so that a breach in one area does not compromise the other.
“Gartner have done a great service in highlighting the latest threats to online banking (and other web services),” says Håkan Nordfjell, COO at Todos. “The good news is that we’re doing a good job of defeating these threats. This report vindicates our strategy in the fight against online fraud.”