Rise of Smart Authentication

It’s the 21st century marketing mantra: Never underestimate the power of ‘smart.’ After all, we have ‘smart’ phones, ‘smart TVs’, a ‘smart’ doorbell and yes, even a ‘smart’ dishwasher. Retail niches aside though, when it comes to the stuff that really matters (like keeping your private information private), what about ‘smart’ authentication? As detailed in this Network World article, multifactor authentication strategies, while rising in popularity, continue to be dogged…


Using Mobile as an Upselling Channel in Financial Services

We rely on our bank’s mobile app to check balances, pay bills and transfer money electronically. But mobile consumers want (and expect) to do more. The logical next step, then, is to enable consumers to conduct all of the services offered online (and at their physical branches), on their mobile devices. That’s easier said than done. Most financial institutions have developed mobile apps that don’t provide adequate mobile capabilities and access to…


EBA Eases Strong Customer Authentication Requirements under PSD2

On Thursday 23 February, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In general the EBA has relaxed its requirements compared to the RTS in the EBA’s Consultation Paper from August 2016. Here are the most important changes: Transaction risk analysis. The final draft RTS introduces…


iris scab

Before there were ‘preppers’ there were the sign holders, who would boldly proclaim, “The End is Near” on street corners, in football stadiums, and in fact anywhere large crowds gathered. Today, there are pundits (and others) in the security industry heralding a similar message: the end, or to really put a fine point on it, the death of static passwords, is near. No surprise, really, on all the reasons why…


Why Telehealth Needs Secure Patient Identification Practices

I recently registered as a patient on a leading telehealth provider’s website. I was very surprised by the lack of identity assurance. The only verification requested was my insurance card and I had the option of skipping that step since insurance is not a prerequisite for service. WOW! In an era of stolen credit cards, stolen identities and ever prospering cybercrime, this is really not acceptable. Telehealth can become a…


SMS Authentication

Banks and payment service providers sometimes rely on SMS to verify the identity of a person who wishes to make a wire transfer or confirm a payment. They send an SMS message with a one-time password (OTP) to the person’s mobile phone, and the user has to enter this OTP into the application of the bank or payment service provider. In this blog post I discuss whether SMS-based authentication will…


Top 5 Security Stories in 2016

2016 was another stunning year in the battle against hackers. The bad guys were more than up to the task with new attacks and an endless display of innovation that challenged even the best security strategies. Yahoo topped its half-billion-record breach with a billion-record breach, ransomware ran amok, DDoS attacks scaled to new heights, the endpoint grabbed major attention, and the U.S. political process ended up in Russia’s crosshairs…


December 21, 2016 - Shane Stevens
This Holiday Season Beware Prying Eyes

This holiday season’s breakout gift for the younger set, Hatchimals, were scarce even on Black Friday. However, at least in their current form they’re unlikely to spy on you. The same can’t be said for this year’s in-demand, slightly older demographic equivalent, drones. As most of us are acutely aware, drones are naturally, albeit passively, intrusive. Still, that doesn’t make them entirely benign and based on how much people talk…


GAO report on privacy and security: a wake-up call for HHS?

For years, I have been a vocal proponent of securing protected health information. It is no secret that the U.S. Department of Health and Human Services (HHS) swept security and authentication under the rug during the rollout of electronic health records (EHRs) so as not to impede adoption of electronic records by providers by making it difficult to use them. The current minimum requirements for identity assurance are set low, requiring…


Too often security experts and security companies focus on the business-to-business (B2B) or business-to-government (B2G) markets. STOP. THINK. CONNECT.™ is the global online safety awareness campaign that addresses the consumer, helping all digital citizens stay safer and more secure online. Last month, the White House and the National Cyber Security Alliance (NCSA) launched “Lock Down Your Login,” a STOP. THINK. CONNECT.™ Initiative. “We were basically approached by…