Financial institutions need to be vigilant against ID-based attacks

Entrust gives a step-by-step guide to winning the battle against identity thieves

Tags: Cyber crimeEntrust, Inc (www.entrust.com)
  • E-Mail
Financial institutions need to be vigilant against ID-based attacks Mark Reeves, senior vice president, International, Entrust.
By  Mark Reeves Published  February 17, 2014

Here are Entrust's five best-practice recommendations to protect against identity-based online attacks:   

1. Drive better risk assessment

Assess online transactions and the level of risk these present by type of transaction or user group in order to develop risk mitigation strategies. Be sure to assess specific attributes such as customer type; volume and capability of your transaction methods; information sensitivity and existing security; ease of use and the customer experience; and how mobile devices are interacting with your environment. 

Consider not only financial loss, but also liability, corporate risk and reputational damage. And don't just do this once; review and refresh this assessment at least every 12 months.   The risk assessment will help you to map out potential impacts and the security service levels required.

2. Adopt strong authentication standards

Today's threats require stronger methods of authentication than simple usernames and passwords, particularly for high-risk financial transactions such as wire transfers. 

Traditional two-factor authentication solutions such as one-time password tokens are no longer effective against, for example, sophisticated man-in-the-browser attacks if used on their own. There are a number of newer techniques that provide the level of protection required either through the use of a separate communication channel with the user or by relying on advanced behaviour-based fraud detection engines that can automatically detect transaction or website navigation anomalies in real-time.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code