Mobility for Secure Multi-Factor "Out of Band" Authentication

Introduction

Security is of major concern to organisations across the globe. As Nand (2006) stated, issues of security are a particularly significant and critical success factor in mobile business. This is the case since, although wireless connectivity offers portability and hence mobility - it adds to the risk of unauthorised access to the system and data disclosure. Guarding access to sensitive data, particularly in large government organisations and financial institutions, is becoming increasingly important to the overall security strategy for organisations. According to Dunn (2006):

The flexibility and cost effective nature of the Internet, as a vehicle for communicating as well as processing data has allowed organisations and individuals to consider utilising the Internet more than ever before. Utilisation of this method for processing data has also created opportunities for a hacker (who would be interested in gaining unauthorised access to the network). This issue underscores the importance of securely authenticating legal users of the networks who are attempting to gain access to funds or data.

The risks to the use of the Internet has understandably affected consumer confidence resulting, for many, in a negative perception of this important channel of communication. Society has begun to place pressure on organisations to implement stronger controls to prevent hackers from gaining access to sensitive data. Organisations are required to take responsibility for the protection of customer and employee information.

This chapter discusses practical implementation of stronger security for online authentication activities. The chapter aims to share market research and personal experiences of the authors to assist security managers in examining their current authentication practices as part of an extensive security strategy.

The information in this chapter has been broken down into three distinct segments. The first section of the chapter analyses online banking fraud; cardholder not present (CNP) fraud and data theft; the current tools and methods used by hackers; and the impact this has on organisations and individuals around the world. The second section identifies the various types of authentication solutions available, and the different paths that can be utilised to authenticate an individual for an online transaction. The third section describes the way in which mobility can improve the level of security in the authentication space by utilising a mobile application named Closed Loop Environment for Wireless (CLEW®).

This chapter is written using a combination of the researchers’ experiences, along with surveys and statistics used around the world to measure the current state of online fraud and the subsequent effect this type of fraud has on society as a whole. This chapter draws a bridge between mobility and secure authentication through a combination of technologies. Most noteworthy is the use of the mobile device to empower individuals and organisations across the world to prevent unauthorised persons from gaining access to their restricted data.

Growth In Online Fraud

Fraud, as mentioned in the introduction, is a big challenge in online transactions. However, increasingly it is being combated with the implementation of new controls, such as chip and PIN (Personal Identification Number) for cardholder present transactions. For transactions that utilise the Internet, such as online banking and CNP transactions however, fraud still remains a major concern. There have been a number of articles published regarding the threat of online fraud and the impact this has on society. For example, a BBC article in January, 2007 - “Bank loses $1.1m to online fraud”, and the article by Easier Finance “Cyber fraud hitting online retailers hard”.

Overall, the cost of online fraud is difficult to determine. This section attempts to analyse some of the hard costs associated with online fraud to consumers, merchants and financial institutions.