Lloyds Bank tests biometric authentication from Microsoft

Computer Weekly

Banking group is trying out enterprise-grade biometric authentication for its online customers

Going Beyond Customer Authentication to Fight Bank Fraud

HID Global

Going Beyond Customer Authentication to Fight Bank Fraud. emonreal. Thu, 04/28/2022 - 11:38

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Singapore banks adopt voice biometrics for user authentication

Computer Weekly

Banks in Singapore are rolling out biometric technology to improve customer services by speeding up the authentication process

Privacy, Authenticity, and Confidentiality

Phil Windley

Summary: Authenticity and privacy are usually traded off against each other. At a recent Utah SSI Meetup , Sam Smith discussed the tradeoff between privacy, authenticity and confidentiality. Authenticity allows parties to a conversation to know to whom they are talking.

Improving the ATM and Banking Experience With Biometric Multi-Factor Authentication

HID Global

Improving the ATM and Banking Experience With Biometric Multi-Factor Authentication. tseeley. Mon, 02/14/2022 - 13:05

Provisional Authenticity and Functional Privacy

Phil Windley

Summary: Provisional authenticity and confidentiality can help us manage the trade offs between privacy and authenticity to support online accountability along with functional privacy. Authenticity is often driven by a need for accountability 1.

Authentic Digital Relationships

Phil Windley

Our online relationships with ecommerce companies, social media providers, banks, and others are cold and impersonal, but also relatively efficient. Supporting Authentic Relationships.

Why CIOs Should Care About Two Factor Authentication

The Accidental Successful CIO

Everybody needs two factor authentication, but just exactly what is it? One of the most powerful techniques that is currently being used is something called “two factor authentication” What is this security technique and how many different flavors of it exist? Two Factor Authentication. So just exactly is two factor authentication. Most websites these days support some form of two factor authentication. This level is called two factor authentication.

TSB to introduce iris scan authentication in September 2017

Computer Weekly

TSB customers will soon be able to access their mobile bank accounts through iris scanning, which is regarded as the most secure biometric authentication available

This Open-Source Security Key Helps You Ditch Software Authenticators

GizModo VR

Accidentally deleting your Google Authenticator app is a nightmare. The app, which generates one-time codes for many websites, is usually your key to many major email services, including Gmail, domain name services like Namecheap, and even banking services.

US and Europe will block some Russian banks from SWIFT

The Verge

The letter, signed by the United States, UK, Canada, and European allies, lays out new measures to isolate Russia’s central bank, and announces a new trans-Atlantic task force to freeze the foreign assets of sanctioned individuals. used to authenticate payment instructions between banks.

WhatsApp adds biometric authentication for logging in on desktop

The Verge

Soon, if you’ve got biometric authentication enabled on your phone, you’ll have to unlock the app before you can link your account. That means users will have to use it to link their accounts unless they disable biometric authentication for their entire device.

TSB customers can use their faces to authenticate payments

Computer Weekly

Bank’s latest addition to its mobile apps is a facial recognition option for Apple iPhone X users

Identity authentication and fraud prevention company AuthenticID lands $100M

GeekWire

wireless carriers, banks, credit bureaus, and other large enterprise companies. Seattle-based AuthenticID landed $100 million in a minority investment from Long Ridge Equity Partners. Founded in 2001, AuthenticID provides “identity proofing” software to U.S.

CIOs Want To Know: How Secure Is Your Mobile Phone?

The Accidental Successful CIO

Once this has been done, the bad guys can then trick banks and other companies into resetting the phone owner’s password by having them send the password reset to the new phone. Where are the weaknesses of mobile phones and what can CIOs do about it? Image Credit: David Dennis.

Mobile 207

Should You Use SMS Two Factor Authentication For Your Website

IT Toolbox

As it stands, the future of SMS 2FA seems uncertain, at least in regulated industries like banks and insurance

Making Security Personal: Warn End Users About New Bank App Alert

SecureWorld News

Department of Justice alert: rogue banking apps and trojans. If there's one thing we can all agree on, it's that a trip to the bank is one of the least exciting errands of all time. An estimated 75% of Americans used mobile banking in 2019. Use Two-Factor Authentication.

Target gig workers are getting their bank accounts drained by hackers

The Verge

Scammers are hacking into the accounts of Target gig workers and draining their bank accounts, Motherboard reports. Other shoppers had two-factor authentication set up but were deceived into reading the codes to scammers who called them on the phone.

The ultimate in convenient banking: make payments by thinking

Trends in the Living Networks

In my presentation at yesterday’s media launch of ANZ’s Banking on Australia program , I spoke about new ways of making payments using biometrics. The developed method provides authentication (verification that test and enrollment biometric data are confirmed to be the same) and identification (determination that enrollment and test biometric data match to identify an individual among others).

SMS-based two-factor authentication may be headed out the door

Network World

SMS messaging for two-factor authentication might become a thing of the past. Its latest draft of its Digital Authentication Guideline, updated on Monday, warns that SMS messages can be intercepted or redirected, making them vulnerable to hacking. Many companies, including Twitter, Facebook, and Google, as well as banks, already use the phone-based text messaging to add an extra layer of security to user accounts.

Trojan source code leak poised to spur new online banking attacks

Network World

The source code for a new Trojan program that targets banking services has been published online, offering an easy way for unskilled cybercriminals to launch potent malware attacks against users. These are all features commonly seen in banking Trojans, as they're used by attackers to bypass the security checks of online bank websites to perform fraud.

SWIFT asks its customers to help it end a string of high-profile banking frauds

Network World

Financial transaction network SWIFT called on its customers Friday to help it end a string of high-profile banking frauds perpetrated using its network. The SWIFT network itself is still secure, it insisted in a letter to banks and financial institutions. That's the best explanation so far for how authenticated instructions were sent from Bangladesh Bank to the U.S. Federal Reserve Bank of New York over the SWIFT network, ordering the transfer of almost US$1 billion.

Bank of America lowers security – removes one time passwords at payee add/change

Forrester's Customer Insights

With the latest change to the BofA online banking bill pay service (which added all sorts of unnecessary and distracting icons and ugly fonts), the bank decided to remove the one time password two factor authentication (OTP 2FA) requirement to force the customer to perform a one time password based step-up authentication before allowing the […

Fixing Web Login

Phil Windley

Summary: Like the "close" buttons for elevator doors, "keep me logged in" options on web-site authentication screens feel more like a placebo than something that actually works. Getting rid of passwords will mean we need to authenticate less often, or maybe just don't mind as much when we do.

PSD2 Security Requirements Are Restricting Fintech Innovation

Forrester's Customer Insights

Banks and financial institutions are currently hard at work building APIs and testing their Strong Customer Authentication (SCA) solutions. Banks need to comply with […]. age of the customer banking financial services security & riskI have recently released a new report looking at the second phase of the Payment Services Directive (PSD2) and its security requirements along with my colleagues Jacob Morgan and Andras Cser.

Passwords Are Ruining the Web

Phil Windley

Compare, for a moment, your online, web experience at your bank with the mobile experience from the same bank. Chances are, if you're like me, that you pick up your phone and use a biometric authentication method (e.g. And it's not just banking.

How Serious Is The Lack Of Machine Learning Talent?

The Accidental Successful CIO

However, at banks, insurers and other financial companies their use of artificial intelligence is being especially hampered by a scarcity of data and talent. is talking with banks about offering checking accounts.

Is the password dead?

CTOvision

The FIDO (Fast IDentity Online) alliance has developed “technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.” . If the standard is adopted, for example, by an online bank, a user will have the ability to confirm a financial transaction using the same biometric scan, by using a local device for two factor authentication (I hope that’s my smartwatch ) or by simply entering a PIN.

Social Engineering and Phishing

CTOvision

Notice that the email message looks as if it came from the user’s bank. The formatting most likely matches that of the bank’s typical email messages. The name of the bank looks correct, and the user’s name even looks properly addressed in the message. It appears as though the bank sent it to ask the customer to log in to his account. The email message did not originate from the bank. You can typically be assured that you’re connecting to the authentic site.

Increasing access to blockchain and ledger databases

All Things Distributed

They've created a way to connect small farms in developing nations to banks and distributers of goods, like seeds, fertilizer, and tools. With HARA, this hard-to-obtain data on small farms is collected and authenticated, giving these farmers access to resources they've never had before. Last year, I spent some time in Jakarta visiting HARA , an AWS customer.

Using a Theory of Justice to Build a Better Web3

Phil Windley

Writing about Central Bank Digital Currencies (CBDCs), Dave Birch said this: The connection between digital identity and digital currency is critical. Summary: Building a better internet won't happen by chance or simply maximizing freedom. We have to build systems that support justice.

Meet the 4 new startups joining a fintech incubator run by BECU and UW in Seattle

GeekWire

Four Seattle startups have won a slot in a financial technology incubator run by banking company BECU and CoMotion, the innovation arm of the University of Washington. Pay Your Tuition Funds is a platform which connects families and banks to finance higher education.

There’s a better way to protect yourself from hackers and identity thieves

Vox

Authenticator apps like Google Authenticator might seem intimidating, but they’re easy to use and safer than texts. If you’re using texts for two-factor authentication, it’s time to change to an app. And you always use two-factor authentication, or 2FA.

Token-Based Identity

Phil Windley

Peter references a white paper on central bank digital currencies and one on identity composability by Andrew Hong to lead into a discussion of account- and token-based identity. Traditionally, we've done that with accounts and identifying, using authentication factors, who is connecting.

Four of the Biggest Financial Data Breaches of 2019

Galido

Perhaps not surprisingly, banks, insurance companies, and other financial-service firms are 300 times more likely to suffer from a cyber-attack than other industries. Information Technology Blog - - Four of the Biggest Financial Data Breaches of 2019 - Information Technology Blog.

How to Spot a Fake Robinhood Email

SecureWorld News

Phishing attempts come via email where scammers use different social engineering tactics to pose as a reputable sender like the IRS, your bank or brokerage firm. Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency.

Screenshots reveal what extra information the Robinhood hackers accessed

The Verge

The heavily redacted screenshots show that hackers had access to buttons labeled “Disable MFA” (multi-factor authentication) and “Add to Trusted Device Email Code Whitelist,” along with information about what devices were logged into the account, and the ACH bank transfers the user had done.

Artificial Intelligence Applications and Succeeding with IAIDL

Galido

Al has various impacts on different aspects of life, such as business, marketing, banking, etc. Banking. Al in banking is growing very fast in the last few years. Many examples of Al are present in the banking system.

How Many User Credentials Did Emotet Steal? Now We Know

SecureWorld News

Also change passwords and security questions for any accounts you may have stored in either your inbox or browser, especially those of higher value such as banking.". Turn on 2-factor authentication wherever available.

Building an SSI Ecosystem: MemberPass and Credit Unions

Phil Windley

It's All About Authentication. But ultimately, the problem comes down to the member and credit union authenticating each other. And SMS-based multi-factor authentication is becoming increasingly fraught. Twenty-three thousand branches looks like a mega bank.

Companies can silently reroute your texts to hackers, sometimes for just $16

The Verge

This also serves as a reminder that SMS should be avoided for anything security related, if possible — for two-factor authentication, it’s better to use an app like Google Authenticator or Authy. Illustration by Alex Castro / The Verge.

Multi-Source Identity

Phil Windley

Online, various, so-called "identity providers" authenticate people using usernames and passwords and provide a fixed, usually limited set of attributes about the subject of the identity transaction. Mutual exchange of keys is a big step up from SSL-mediated transactions on the Web where only one-side is cryptographically authenticated. In Sovrin, mutually authenticated connections are built into every relationship. You might have a Sovrin-based relationship with your bank.

Ransomware Exponentially Increasing as IoT Provides Physical Targeting Opportunities

CTOvision

The surge is linked to increased targeting of banking, technology, utilities, and energy industries and is driven notably by the rise of Ransomware as a Service (RaaS) and the low cost and risk associated with conducting an attack. A significant number of IoT devices lack any form of security, however, IoT dependent systems and devices can be protected by incorporating well-known industry best practices into security plans, including firmware updates, encryption, and authentication.