Securing data is a key concern for individuals and organisations throughout the world, especially within information and communications infrastructure. With the help of highly sensitive data such as individual account information, criminals can carry out a variety of fraudulent activities; most notably financial fraud, which can be carried out through a multitude of channels. The increasing utilization of technologies, devices, and processes has further exacerbated these risks to organisations. This chapter identifies and describes the issues surrounding the secure authentication of individuals attempting to access or transact with organisations using online networks. This chapter then explains how to secure access to sensitive data through the use of multi-factor out-of-band authentication.
Security is of major concern to organisations across the globe. As Nand (2006) stated, issues of security are a particularly significant and critical success factor in mobile business. This is because wireless connectivity, although it offers portability and hence mobility, adds to the risk of unauthorised access to the system and data disclosure. Guarding access to sensitive data, particularly in large government organisations and financial institutions, is becoming increasingly important to the overall security strategy for organisations. According to Dunn (2006):
“Global crime is now one of the three big issues facing the world, the other two being political violence and climate change. Of course, if you were sitting in an air-conditioned office insulated by layers of security guards, this might not have dawned on you. But it will, one day.”
The flexibility and cost-effective nature of the Internet as a vehicle for communicating as well as processing data have allowed organisations and individuals to consider utilising the Internet more than ever before. Utilisation of this method for processing data has also created opportunities for hackers interested in gaining unauthorised access to the network. This issue underscores the importance of securely authenticating legitimate users of the networks who are attempting to gain access to funds or data.
The risks of using the Internet have understandably affected consumer confidence, resulting, for many, in a negative perception of this important channel of communication. Society has begun to place pressure on organisations to implement stronger controls to prevent hackers from gaining access to sensitive data. Organisations are required to take responsibility for the protection of customer and employee information.
This chapter discusses practical implementation of stronger security for online authentication activities. The chapter aims to share market research and personal experiences of the authors to assist security managers in examining their current authentication practices as part of an extensive security strategy.
The information in this chapter has been broken down into three distinct segments. The first section of the chapter analyses online banking fraud; cardholder not present (CNP) fraud and data theft; the current tools and methods used by hackers; and the impact this has on organisations and individuals around the world. The second section identifies the various types of authentication solutions available, and the different paths that can be utilised to authenticate an individual for an online transaction. The third section describes the way in which mobility can improve the level of security in the authentication space by utilising a mobile application named Closed Loop Environment for Wireless (CLEW®).
This chapter is written using a combination of the researchers’ experiences, along with surveys and statistics used around the world to measure the current state of online fraud and the subsequent effect this type of fraud has on society as a whole. This chapter draws a bridge between mobility and secure authentication through a combination of technologies. Most noteworthy is the use of the mobile device to empower individuals and organisations across the world to prevent unauthorised persons from gaining access to their restricted data.
Growth In Online Fraud
Fraud, as mentioned in the introduction, is a big challenge in online transactions. However, it is increasingly being combated with the implementation of new controls, such as chip and PIN (Personal Identification Number) for cardholder present transactions. For transactions that utilise the Internet, however, such as online banking and CNP transactions, fraud still remains a major concern. There have been a number of articles published regarding the threat of online fraud and the impact this has on society, for example a BBC article in January 2007, “Bank loses $1.1m to online fraud”, and the article by Easier Finance, “Cyber fraud hitting online retailers hard”.
Overall, the cost of online fraud is difficult to determine. This section attempts to analyse some of the hard costs associated with online fraud to consumers, merchants and financial institutions.
Key Terms in this Chapter
Online Fraud: A crime that is performed using the Internet channel to carry out illegal transactions.
Single Path: Sending data within the same band, on the same channel.
Merchant: A professional who operates in the chain between the producer and the end user.
Cardholder not Present Fraud: Fraud in which a thief has obtained an individual's credit or debit card details and attempts a transaction on the card utilising a payment method that does not require the thief to be present, e.g. the Internet or the telephone.
Data Theft: Term used to describe when information has been stolen or copied from an individual or an organisation in an illegal manner. This may include information like passwords, confidential company documents, credit card information or other personal information.
Authentication: This is the act of establishing or confirming something is authentic or true.
Out-of-Band: A communication activity that occurs using a different path to the established communications method or channel. This is a more secure method of communication for financial type activities.
CLEW: Closed Loop Environment for Wireless technology allows organisations to communicate time-critical information to individuals securely using the Internet and mobile devices.