BANGALORE, INDIA: Every day, people are finding new reasons to go online to access goods and services.
Transacting online avails consumers to convenience and the kind of broad selection that local businesses just can't touch.
And there's another important reason: transacting online keeps consumers out of their cars. A recent survey of adults who use the Internet found that fuel prices prompted them to transact online more often, and for a wider range of goods and services.
Unfortunately, this growing dependence on online business hasn't gone unnoticed by opportunists looking to exploit this convenience to consumers.
Identity theft and online fraud are on the rise. Between December 2007 and February 2008, researchers measured a 70 percent increase in such fraud acts as phishing, in which e-criminals use convincing-looking emails to lead consumers to fraudulent, but just as convincing, Web pages. When Internet users fall for phishing scams, they can unwittingly hand over an array of sensitive personal information, including user names, passwords, credit card numbers and social security numbers.
The costs are dear. A Gartner study reported that businesses lost $3.2 billion due to phishing in 2007. In addition to monetary costs, the targeted company also suffers immeasurable damage to its brand.
Beyond User Names and Passwords
Facing a climate in which both opportunities and threats are growing daily, online businesses are looking for ways to strengthen the authentication they provide online.
Among these is two-factor authentication (2FA), a stronger form of verification that has been successfully implemented within enterprises for 15 years. Two factor authentication combines what the end-user knows—user name and password—with what he has –such as, a one-time password (OTP) generated by a physical device. A user can't successfully sign on without both. It's a combination that makes it very difficult for e-criminals to gain authorized access to accounts and information, because the thieves must possess not only the username and password, but the consumer's physical credential as well.
To use 2FA, consumers acquire a credential – available in a variety of convenient formats – that generates an OTP for every sign-on. During an online session, this OTP is entered along with the user's usual account name and password. Users achieve strong authentication and secure their identities when the site verifies the OTP and matches it to the user.
It's true that the models implemented over a decade ago to deliver 2FA to the enterprise don't meet the needs of today's complex and convenience-oriented consumer environment. Yet 2FA for consumers is not beyond the reach of organizations seeking to protect their customers from fraud – and to differentiate themselves from competitors by offering state-of-the-art online security.
