PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Strong MFA and Safe Authentication are the Real Holiday Must-Haves This Holiday Season

Andrew Shikiar by Andrew Shikiar
December 28, 2020
in Industry Opinions, Security
0
Strong MFA and Safe Authentication are the Real Holiday Must-Haves This Holiday Season

Strong MFA and Safe Authentication are the Real Holiday Must-Haves This Holiday Season

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

It’s no secret that the ongoing pandemic has increased the adoption of electronic payment methods, with consumers–and businesses–eschewing germ-laden cash for seamless, and often contactless, electronic transactions. What’s more, entire cohorts of shoppers, such as senior citizens, that clung to the in-person shopping experience have been forced to navigate websites instead and embrace digital payment methods.

With the holiday shopping season winding down, the sudden and swift shift generated thousands more digital payment transactions per day than even just a few months ago. In other words, the opportunities for fraud are rising exponentially. And the bad actors know it: A single password can unlock multiple avenues to siphon money from bank accounts, initiate fraudulent charges on credit cards, and trick consumers into making a payment to a nonexistent entity. 

A favorite approach of those with malevolent intentions is so-called “credential stuffing” attacks, where large caches of stolen account credentials, which are also sold on the Dark Web to other fraudsters, are used to gain unauthorized access to user accounts. Automated at scale on a range of websites and applications, fraudulent log-in attempts are growing rapidly in no small part due to a reported 15 billion stolen user credentials from 100,000 breaches. The exposure could be any of a number of accounts in the online payment process.

Another common path to gaining unauthorized access is by phishing user credentials, sending official-looking emails to hundreds or thousands of recipients with links that, when clicked by the recipient, take the user to a malicious website that tricks the user into providing their username and password. Wells Fargo customers can attest to the success of these kinds of attacks, having fallen victim to one in June 2020.

Increasingly, however, fraudsters are “getting personal,” using the same phishing approach combined with thorough research of victims and targeted, highly professional, personalized communications. Bad actors are increasingly successful in gleaning valuable information and making fraudulent payments or transfers through these “spear phishing” or “vishing” (social engineered voice phishing) attacks. Barracuda Networks reported nearly 500,000 spear phishing attacks across all industries between March 1st and March 23rd of this year alone, as well as a huge spike relating to COVID-19.

So how can the payments industry stem the rising tide of these attacks? And what about the role of the consumer? 

The calls for strong, multi-factor authentication (MFA) and a requirement that more types of transactions be authenticated are a good start, but the payments industry must balance user convenience with security obligations.

The first step in achieving that balance is for the payments industry to embrace strong authentication, such as on-device public key cryptography techniques. Such biometric and other possession-based authentication methods are stronger than leaky passwords and other knowledge-based authentication methods because user credentials and biometrics are never shared and never leave the user’s device. Not only does this approach completely eliminate the threat from credential stuffing and socially engineered attacks, but it also removes the responsibility and burden of security from customers’ and employees’ shoulders. 

With transactions only verifiable by a named individual using credentials that are impossible to share, sensitive information becomes effectively un-phishable. But embracing the frictionless nature of biometric authentication and security keys is more than just good business practice and fiscal responsibility: It delivers a competitive advantage for any online payments processor that adopts the strategy, giving consumers peace of mind that their money is safe while also eliminating convoluted and confusing processes that get in the way of that safety.

Tags: AuthenticationBiometricsCybersecurityHoliday shoppingIndustry OpinionsMFAmulti-factor authenticationphishing attacksSecurity
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Google Wallet Expands Features

    Google Wallet Continues to Bet on Digital with Expanded Features

    June 2, 2023
    digital value

    How Embracing Digital Value Can Help Solve the B2C Payments Conundrum

    June 1, 2023
    instant payments, real-time payments, RTP

    Banks Developing Instant Payments Products in the U.S. Should Focus on Billers to Generate New Revenue Streams  

    May 31, 2023
    Digital Wallet Use Delivers on Convenience and Security

    Digital Wallet Use Delivers on Convenience and Security

    May 30, 2023
    5 Ways to Protect Your Financial Institution from a Cyberattack

    5 Ways to Protect Your Financial Institution from a Cyberattack

    May 26, 2023
    traditional banks

    How Traditional Banks Can Modernize Without Risk

    May 25, 2023
    identity fraud

    Javelin’s Identity Fraud Study Highlights the Changing Nature of Fraud

    May 24, 2023
    SASE, security-as-a-service

    Security-as-a-Service Secures
    Distributed IT Models

    May 23, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download this complimentary report from CSG Forte: