Enhancing Security and Scalability: Resolving Identity Authentication Challenges for Bank Customers


In the face of increasing cyber threats, banks and financial institutions recognize their susceptibility to attacks targeting both their business and customers. To mitigate these risks, implementing robust multi-factor authentication (MFA) or Strong Customer Authentication (SCA) solutions is crucial. However, not all authentication methods are created equal, particularly when it comes to mobile authentication solutions.

While consumers desire a seamless and convenient user experience similar to other mobile applications, it is imperative that these solutions prioritize security. Unfortunately, many mobile authentication solutions in the market today suffer from significant security flaws, such as reliance on insecure one-time passwords (OTPs) delivered via SMS.

The Vulnerabilities of Mobile Authentication Solutions

Using SMS-delivered secure codes, or OTPs, has been a common practice for years. However, this method poses severe cybersecurity risks, including the interception of texts by hackers. To safeguard themselves and their customers, organizations must understand the risks involved and adopt secure, seamless, and scalable mobile authentication solutions that leverage current controls and protocols.

Understanding the Risks

There are various attack vectors that exploit mobile authentication vulnerabilities. For instance, the FluBot malware, as reported by ReadWrite in May 2021, collected passwords and sent them back to the originating company. This malicious bot also infected victims’ accounts, compromising their contacts and spreading further.

In another large-scale attack, hackers established a network of 16,000 virtual mobile devices to intercept SMS OTPs, draining millions from mobile banking apps within days, as revealed by IBM Trusteer researchers.

Escalating Cyberattacks and Digital Transactions

As reliance on digital transaction channels grows, so does the frequency of cyberattacks. The Block-Cash App breach in April 2022 exposed the data of over eight million customers, highlighting the need for improved data security practices. Additionally, Crypto.com suffered a severe breach at the beginning of 2022, resulting in the theft of over $30 million from nearly 500 users.

Hackers primarily exploit compromised user credentials as their entry point for attacks. In a notable incident during Spring 2021, hackers leveraged a flaw in multi-factor authentication to steal cryptocurrency from approximately 6,000 Coinbase accounts. By entering an OTP via SMS, they gained access to user account information.

The Role of Mobile Authentication Security

Mobile authentication security offers a viable solution to address these challenges by leveraging the capabilities of mobile devices to verify users’ identities before granting access or approving transactions.

Implementing Mobile Authentication Security

Securing the mobile authentication process is a complex task. The industry has established baseline security standards through organizations like the Open Web Application Security Project (OWASP) foundation. These standards differ from those designed for web applications due to the unique features and data storage options available in mobile apps. Even seemingly minor design choices can have a substantial impact on the overall security of the solution.

SMS verification, or OTPs delivered via SMS, remains a popular choice for mobile authentication despite its significant security risks. HID Global’s 2021 study found that SMS OTP was the leading authentication method among financial institutions, while the Ponemon Institute estimates that around one-third of mobile users employ this method.
