Mike Davies: Online Identity and Trust in EMEA

Lots of newsfeeds this week talking about the move to faster payments in the UK and the welcome news that consumers (and business) will not have to wait up to 3 days for money to transfer between accounts.

The Issue this raises is that the consumers accounts that have been compromised and are in fact being used for fraudulent transactions have to be detected faster (i.e. before they had 3 days foe the transaction to complete).

This gives the banks in the UK a big challenge to make extra sure that the consumer logging into the account is actually who they say they are.

My take is that risk based authentication can help in this area, looking at the nature of the consumers log in (i.e. have they logged in from this machine before, from this geolocation, is this there usual log in behaviour?) along with two factor authentication.

The bottom line is the UK banks have put a lot of work into making sure fraud does not shoot up with faster payments, I just hope that they are successful!

Posted by Mike Davies at 10:36 AM | Permalink

As a security professional I am never surprised when security breaches occur such as the recent Societe Generale incident when a rogue trader wiped out a large proportion of their profits. By that I mean that they aren't the first and they certainly won't be the last.

I only mention them as I read a story the other day that after the incident they are now looking at implementing biometrics to protect internal procedures.

I have followed the biometrics industry for many years and have heard many issues about usability. I truly hope that the latest generation of technology is robust enough as the false negative rates before had seemed to be too big a barrier.

I hope that their implementation is successful, they certainly have had enough problems. to deal with.

From a consumer authentication perspective, I think that biometrics still have a way to go.

Some biometrics are already creeping into consumer authentication (i.e. some sites monitor how fast you type your keystrokes or some companies have established voice biometrics for telephone banking). But these are usually used in conjunction with other authentication methods and I can see that not changing for a long time.

Posted by Mike Davies at 04:58 PM | Permalink