Industry Insights

Future-Proof Your Authentication

Future-Proof Your Authentication

We recently announced a contract with Consultoria International Banco (CI Banco) to enhance its eBanking security through Gemalto's Ezio strong authentication server and One-time Password (OTP) tokens. The beauty of this platform is that it supports multiple authentication methods (EMV-CAP, OATH) and devices including EMV payment cards, connected readers and mobile phones. CI Banco is future-proofing their authentication platform as its investment today will scale to the foreseen and unforeseen security needs of tomorrow, especially in the realm of mobile payment.

My colleague Adam Dolby was quoted recently in an article in Credit Union Times by Marc Rapport that collected thoughts from several experts on what regulations we can expect from FFIEC to protect mobile payment. No one knows exactly what the regulations will look like but all agreed they're coming and will likely be hastened by a security breach or other negative event. Enter the Zeus Trojan that hit mobile bankers at 12 Spanish banks in October. As always, the attacks follow the money and people are beginning to move money on their mobile phones. We know the regulations are coming and we know the security threat is real so let's get ahead of the problem and put the right authentication solutions in place today.

What the Zeus attack also illustrates for me is that, while there are many, many ways to address fraud, the simplest way - just give the customer what you want them to use - is probably best. If a customer wants to access their money at an ATM or pay at a POS, the bank says, "Here, use this card." Yet for online and mobile banking, we try to get fancy instead of doing the same thing and saying, "Here, use this," (token, reader, chip+PIN, USB, etc.) The customer is used to this experience already and will appreciate the simplicity. "Here, use this," ensures the platform is secure and exactly the one the bank wants them to use and will prevent security breaches like this and other future attacks.

Let's apply what we've learned from other types of electronic banking and prepare today for what we know is coming tomorrow.



Tom Flynn leads the team that is responsible for defining Gemalto's regional marketing strategy and technical solutions for enterprise network and online commercial banking security. He has played a crucial implementation role in some of the industry's most notable identity credentialing programs at Fortune 50 companies, and has worked closely with Gemalto's channel partners over several years to develop a national network of information security specialists who can help deploy strong authentication solutions in any size business anywhere in the United States.

Mr. Flynn has 25 years of technical marketing and sales management experience, and has worked in both domestic and international programs for Hewlett Packard, Mars Electronics (division of M&M Mars), Gemplus and Gemalto. He is a frequent speaker at several major security and technology conferences, including most recently the RSA Conference, Digital ID World, CTST and ISC West and is committed to consumer education and advocacy through Gemalto's online resource www.JustAskGemalto.com, which provides answers to consumer questions about how to better enjoy the conveniences of the digital world. Mr. Flynn received his degree in electrical engineering from the Capital Institute of Technology.



About the Author




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.