"Phishing scams are intensifying in frequency and sophistication," said Martin Dolan, CEO CR2. "Aside from the financial loss there is a significant impact on customers trust in internet banking and ultimately confidence in their financial provider."
CR2's BankWorld Anti-Phising Suite utilises a combination of factors to foil phishing.
â¢ Wide range of secure logon technologies
â¢ Multi-channel authentication through unique one time passwords.
â¢ Post transaction alerts.
One time passwords.
CR2's solution enables banks to deliver one-time passwords to customers by SMS, Mail/FAX, E-mail or ATM. Client banks can choose based on transaction type or value to request the entry of a unique one-time password which is communicated to the user through a pre-agreed second channel such as SMS or email. One time passwords are a very effective solution in combating the most simple internet attack.
To address the escalating problem of fraudsters obtaining client logon and password details banks can choose not to execute high risk transactions online such as new third-party transfers, instead these transactions are queued for subsequent authorisation and execution. Meanwhile, the customer is automatically notified by SMS or email of the transaction details and must respond with an approval, otherwise the transaction will not be processed. For high value transactions the bank can even direct that the ATM is used for subsequent approval of the transaction. In this case, instead of routing the transaction details by SMS, they are routed instead to the ATM system where card and pin authentication is required.
Keith Holmes, Director Product Development CR2, comments, "Phishing relies on the security weaknesses and omnipresence of the web. Introducing additional channels, with physical presence, prevents this thereby constraining the fraudster to merely queuing the transaction for subsequent approval. The use of the ATM is a particularly powerful means of authentication when the value of the transaction requires the complete and full security available through a deployed ATM network, especially when chip cards are used".
Post transaction alerts.
Finally using BankWorld multi-channel alerts, all transactions executed on the web are notified immediately to the customer by SMS. Consequently, the customer is always aware of web-based transactions being processed on their account.
"A fundamental customer requirement is that banks secure their assets,'' Martin Dolan, CEO, CR2 added. "Any breach of confidence in this regard has a profound impact on the banking relationship, the cost of which goes far beyond the cost of the fraud itself. BankWorld Anti-Phishing Suite will hugely assist Financial Institutions to protect their reputation, brand and customer relationships."