Multi-Factor Authentication: Strengthening Online Security
Multi-factor authentication is a technology that requires consumers to identify themselves in more than one way. Usually, it's something you have, along with something you know. For example, an ATM uses two-factor authentication. Your ATM card is something you have and your PIN (personal identification number) is something you know.
By the end of 2006, all banks must tighten their online banking security. In order to fulfill this new regulatory requirement, most banks will implement some form of multi-factor authentication.
Banks will achieve this in different ways, some of which may include:
Computer Fingerprinting
Computer fingerprinting systems capture the serial numbers of computer parts, such as the hard drive. These numbers are used to generate a unique ID for the machine. Whenever a customer connects to a bank's Web site, the bank's online system recognizes the computer by its unique fingerprint and allows the customer to log on with a simple password.
If the customer does the bulk of his or her online banking from a particular computer, like a home PC, the system will establish that computer as the authorized one. However, if the customer logs on from another computer that is not recognized by the fingerprint system, the Web site will take the customer through a tighter sign-in process to verify his or her identity using pre-established "challenge" questions such as "what was your high school mascot?" This option will be popular with many banks and customers because of its convenience and transparency.
Hardware Tokens
A hardware token, such as a key fob, is another potential online security feature that provides multi-step authentication. There are numerous types of key fobs that can be used. A token is a physical object, such as a keychain or a USB device installed on a personal computer, which works along with a customer's PIN.
The key fob displays a randomly generated series of numbers, which change periodically, usually every 30 to 60 seconds. Users who adopt the thumb-size devices will have to enter the random numbers displayed on the device in addition to their user name and password.
Because the key fob is a physical object, its owner is more likely to notice that it has been stolen than to notice that a password has been stolen. This solution is quite expensive and requires customers to always have this object in hand in order to conduct online banking.
Picture Recognition
This is two-way authentication that identifies not only the consumer to the bank, but also the bank to the consumer. Customers enroll by selecting a unique image and creating a personal, descriptive label for it. From then on they will see that image and descriptive phrase when logging into their online banking site. As long as they see their unique image, customers can be assured that they are at the bank's Web site, and it is safe to enter their password.
Biometrics
Finally, biometrics (using a body part as an identifier, such as a thumbprint or iris scan) is another potential security feature that banks could utilize. This type of security is much more expensive than other types of technology, but could be used for employees or high-risk clientele who move large amounts of money between accounts.
Unfortunately, multi-factor authentication measures will not eliminate ID theft and fraud, but they will help to ensure a safer banking environment for the future.
FAQs from federal regulatory agencies on multifactor authentication (Aug. 15, 2006)


