• Understand the threat landscape
• Use multi-factor authentication to protect login
• Monitor user activities and transactions
Understand the threat landscape
Financial institutions must understand the threats that are targeting their businesses and the relative risks they pose. By doing so, they can mitigate the risk of online fraud or even prevent it from occurring. By gathering and sharing intelligence and developing a broad knowledge of potential threats, financial institutions can better evaluate their own vulnerabilities and implement security solutions to protect their customers.
Use multi-factor authentication to protect login
Username and password authentication is not enough to stop criminals from accessing online bank accounts. Multi-factor authentication is essential to prevent unauthorised access to a user's personal data and account information. There are a number of strong authentication technologies available on the market today that have been widely deployed across large online banking user populations and have been highly successful in reducing and preventing fraud. Some of the more popular technologies include risk-based authentication, one-time passwords, and site-to-user authentication.
Monitor transactions and activities that occur post-login
Financial institutions should also consider implementing a transaction monitoring solution that analyses and challenges high-risk transactions after users have logged in to their accounts. Transactions typically require more scrutiny and pose more risk to financial institutions than just the act of logging in to an account. Transaction monitoring solutions analyse a combination of factors such as the IP address, characteristics of the user's computer and the actual behaviour of the user (that is, whether the amount of a money transfer is typical of the user) to help identify and mark suspicious activities that may require further review by the financial institution.
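The combination of factors described above (IP address, characteristics of the user's computer, and whether the amount is typical of the user) can be sketched as a small scoring function. This is an added example, not code from the article or from any RSA product; the weights, thresholds, field names and sample history are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from statistics import median

# Assumed weights and cut-offs for illustration; a real deployment tunes these.
WEIGHTS = {"new_network": 30, "new_device": 30, "unusual_amount": 40}
REVIEW_AT, CHALLENGE_AT = 30, 60
MAD_CUTOFF = 3.5  # robust z-score above this counts as atypical

@dataclass(frozen=True)
class Txn:
    ip: str
    device_id: str
    amount: float

def network(ip):
    """Collapse an address to its /24 (IPv4) or /48 (IPv6) network."""
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_network(f"{addr}/{24 if addr.version == 4 else 48}", strict=False)

def amount_zscore(past_amounts, amount):
    """Distance from the user's median amount in robust (MAD-based) units."""
    med = median(past_amounts)
    mad = median(abs(a - med) for a in past_amounts)
    scale = 1.4826 * mad if mad > 0 else max(0.1 * med, 1.0)  # avoid divide-by-zero
    return abs(amount - med) / scale

def assess(history, txn):
    """Return (score, reasons, decision) for txn against the user's past Txns."""
    reasons = []
    if network(txn.ip) not in {network(h.ip) for h in history}:
        reasons.append("new_network")
    if txn.device_id not in {h.device_id for h in history}:
        reasons.append("new_device")
    # With no baseline the amount cannot be called typical, so flag it.
    if not history or amount_zscore([h.amount for h in history], txn.amount) > MAD_CUTOFF:
        reasons.append("unusual_amount")
    score = sum(WEIGHTS[r] for r in reasons)
    decision = "challenge" if score >= CHALLENGE_AT else "review" if score >= REVIEW_AT else "allow"
    return score, reasons, decision

# Constructed sample history for one user (documentation-range addresses).
HISTORY = [Txn("198.51.100.7", "dev-a", a) for a in (40.0, 55.0, 60.0, 48.0, 52.0)]
```

A "challenge" decision corresponds to asking the user for additional authentication before the transfer proceeds, while "review" marks the transaction for follow-up by the institution.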
Educate your customers
There is an ongoing debate about the impact of customer education and how much it really does to mitigate the threat of online fraud. RSA offers a number of resources to help financial institutions communicate the importance of online security to their customers including guides on phishing and crimeware.
There are a number of public sources available as well. For example, Carnegie Mellon University developed a new tool called Anti-Phishing Phil. The game teaches users how to identify phishing URLs, where to look for cues in Web browsers, and how to use search engines to find legitimate sites. Interactive tools such as this are great ways to engage consumers and raise online safety and security awareness.
The author is the executive vice president of EMC and president of RSA.