New iOS 12 Feature Risks Exposing Users to Online Banking Fraud

Security Code AutoFill is a new feature for iPhones in iOS 12. It is supposed to improve the usability of two-factor authentication, but could expose users to online banking fraud by removing the human validation aspect of the transaction signing/authentication process. Two-factor authentication (2FA), which is often referred to as two-step verification, is an essential element of many security systems,… Read more


Julie Conroy

When it comes to fraud, financial institutions (FIs) find themselves trying to address competing priorities. On the one hand, the need for strong authentication and security continues to rise. Fraud and hacking attempts become more sophisticated each year, and new laws and regulations require stronger customer authentication security – potentially adding more friction to the customer experience. However, consumers have… Read more


selfie

The Economic Growth, Regulatory Relief, and Consumer Protection Act was just signed into law by President Trump.  Also known as the Dodd-Frank Repeal, the new law removes many of the regulations imposed on banks after the financial crisis and the Great Recession of the late 2000s.  As with most laws, the Act includes numerous provisions. Among these is Section 213,… Read more


mobile

This blog is based on an article authored by David Vergara, Director of Security Product Marketing, VASCO, that first appeared 2/21/2018 in Credit Union Times. As part of a secure and seamless mobile first strategy, banks, credit unions, and other financial institutions must rethink the customer journey. Financial institutions strategically aim for customers to do more with mobile while minimizing… Read more


Frederik Mennes

One of the most discussed requirements of the final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2 is the requirement to perform so-called “dynamic linking” to authenticate a financial transaction. The dynamic linking requirement has three parts. First, it requires a payer to authenticate a financial transaction by calculating an authentication… Read more


Mobile Banking

The mobile channel doesn’t grow itself. It requires a strategy, a team committed to execution, and constant care and grooming. As financial services organizations embark on mobile-first initiatives or offer more and more mobile services to their customers, they prioritize three goals:   1. Optimize both user convenience and security 2. Stay ahead of the curve on mobile security and… Read more


Multi-Factor Authentication

The following article, authored by Michael Magrath, Director, Global Regulations & Standards, first appeared 2/28/18 on CSO Online. The New York State Department of Financial Services (DFS) regulates over 1,400 insurance companies and approximately 1,500 banks and financial institutions1. Not surprisingly, with New York being the “financial capital of the world,” the overwhelming majority of U.S. financial institutions and many… Read more


swipe

The following article, authored by Giovanni Verhaeghe, Director Market and Product Strategy, VASCO, first appeared 2/4/2018 in the Financial IT.net blog. Mobile banking apps and the devices they run on are increasingly at risk for compromise by cybercriminals. New, sophisticated methods of attack have rendered the classic username-password scheme outright obsolete. Even the more secure but still basic two-factor authentication… Read more


Face ID

Face ID is fast becoming a differentiator for organizations that want to provide a frictionless mobile experience. While biometric authentication remains the exception and not yet the rule, the analyst community strongly believes digital businesses, especially banks, need to pay attention. For example, in the recent Hype Cycle for Digital Banking Transformation, 2017, Gartner recommends that digital businesses develop world-class… Read more


According to a recent survey by Accenture, banks experience 85 attempted breaches on average each year. More than a third are successful in stealing sensitive information1. In 2017, those attempts ranged from account takeover fraud to mobile banking Trojans that enabled hackers to steal funds from victims’ bank accounts. Attacks such as Distributed Denial of Service (DDoS) — per Verizon,… Read more