online-shopping2As the US moves to adopt EMV chip and PIN cards and mobile payments, authentication is becoming a serious concern, particularly for customer not present transactions – evidenced by the number of Money20/20 exhibitors focusing on the topic in contrast to the blockchain focus of much of last year’s event.

Just as the financial crime community has been warning of ‘blended-threats’ – attacks that use more than one technique to attempt breach systems – the defences are increasingly using multiple sources of identification in what is called Knowledge-based Authentication.

One company in this space is Enacomm, which is addressing the issues through a partnership with IDology, which develops on-demand identity verification and fraud prevention solutions for CNP transactions The pair have integrated IDology’s technology with Enacomm’s eKBA mobile product targeted at fraud prevention that helps organisations authenticate customers and activate their accounts in real-time.

Presented audibly through voice and through visual interactive voice response on a smart device, eKBA prompts individuals to answer personalised questions via a graphical user interface.

“The financial industry has an indispensable role to play in combatting fraud, which is becoming not only more common, but also more sophisticated,” said John Dancu, chief executive of IDology. “Credit, debit and prepaid card fraud are still a major problem, but organisations of all sizes can now be part of the solution by equipping themselves with innovative technology solutions that stops scams in their tracks without needless customer friction.”

“RushCard was established more than 10 years ago to empower people without traditional banking relationships through products and services that provide greater control over their financial lives,” said UniRush chief executive and chairman Rick Savardr. “In a world plagued by sophisticated white-collar crime, technology partners like Enacomm enable RushCard to deliver security to protect our customers’ financial assets and identity from being stolen.”

  • Hitoshi Anatomi 6 November, 2014 at 0715

    “Chip & PIN” is better than “Chip Only” or “PIN Only”, but not as good as “CHIP& Strong Password”.

    Using a strong password does help a lot even against the attack of cracking the leaked/stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords.  We cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.

    At the root of the password headache is the cognitive phenomena called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.

  • Tim Brew 6 November, 2014 at 2028

    We have already witnessed this across the rest of the world, as soon as you secure one aspect of the payments cycle, the fraudsters move to the next weak link. Constant improvement is necessary to try to stay one step ahead. It is though good news that at last the US is moving to EMV and Chip.

  • Neil Burton 9 November, 2014 at 1603

    Pin or password both need a finger; which uniquely identifies the payer (to a level sufficient for the value of card transactions) without the need for memory. Perhaps fast-developing nations are again forging ahead of the slow adoption of proven technology favoured by developed nations

  • Post a comment

    Threaded commenting powered by interconnect/it code.