Mobile Banking

The mobile channel doesn’t grow itself. It requires a strategy, a team committed to execution, and constant care and grooming. As financial services organizations embark on mobile-first initiatives or offer more and more mobile services to their customers, they prioritize three goals:   1. Optimize both user convenience and security 2. Stay ahead of the curve on mobile security and… Read more

Multi-Factor Authentication

The following article, authored by Michael Magrath, Director, Global Regulations & Standards, first appeared 2/28/18 on CSO Online. The New York State Department of Financial Services (DFS) regulates over 1,400 insurance companies and approximately 1,500 banks and financial institutions1. Not surprisingly, with New York being the “financial capital of the world,” the overwhelming majority of U.S. financial institutions and many… Read more

At DeveloperWeek 2018 in San Francisco, I had a provocative question for mobile app developers: “Is mobile app security important to you, and if so, what are you doing about it?” The majority of developers I spoke with at the event agreed that security is important. However, when pressed for more detail, many could not describe the specific measures taken… Read more

Windows Logon

In light of constantly evolving cybersecurity risks, businesses must take strong measures to secure internal and remote network access by employees. Today’s workforce requires convenient anytime, anywhere access to web, mobile and cloud networks, applications and resources. Clearly, timely access to information drives business forward. At the same time, organizations must prevent security breaches, and maintain continuous compliance with security… Read more


The following article, authored by Giovanni Verhaeghe, Director Market and Product Strategy, VASCO, first appeared 2/4/2018 in the Financial blog. Mobile banking apps and the devices they run on are increasingly at risk for compromise by cybercriminals. New, sophisticated methods of attack have rendered the classic username-password scheme outright obsolete. Even the more secure but still basic two-factor authentication… Read more

Face ID

Face ID is fast becoming a differentiator for organizations that want to provide a frictionless mobile experience. While biometric authentication remains the exception and not yet the rule, the analyst community strongly believes digital businesses, especially banks, need to pay attention. For example, in the recent Hype Cycle for Digital Banking Transformation, 2017, Gartner recommends that digital businesses develop world-class… Read more

According to a recent survey by Accenture, banks experience 85 attempted breaches on average each year. More than a third are successful in stealing sensitive information1. In 2017, those attempts ranged from account takeover fraud to mobile banking Trojans that enabled hackers to steal funds from victims’ bank accounts. Attacks such as Distributed Denial of Service (DDoS) — per Verizon,… Read more

Stolen Credentials on the Dark Web: A Reminder to Replace KBA with MFA

Recent news accounts of security researchers discovering a database containing 1.4 billion breached credentials — reportedly, the largest such find on the Dark Web — is yet more evidence that online identity proofing that relies only on KBA (knowledge based authentication) and static passwords is no longer fit-for-purpose. The level of sophistication that cybercriminals bring to the dark web is… Read more

Best Practices for Switching from Hardware to Software Tokens

The smartphone has become indispensable. According to Deloitte’s latest Global Mobile Consumer Trends1 report, a survey of 17 developed countries found that one in five consumers checks their phone >50 times a day. The explosive adoption of mobile apps and devices is changing how banks authenticate customers in the digital world. One trend we expect to continue into 2018 and… Read more

PSD2: How the Final RTS Requirements Will Impact You - Update

On November 27, 2017, the European Commission published its final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2. With the release of the final PSD2 RTS requirements, banks of all sizes can now take action to develop a compliance strategy and implement effective security solutions for electronic remote payment transactions. The Revised… Read more