
Steps to secure online banking

Sanghamitra Kar

BANGALORE, INDIA: Gemalto, a provider of digital security, develops secure embedded software and secure products, which it designs and personalizes. Its platforms and services manage these products, the confidential data they contain and the trusted end-user services made possible.


In an interaction with CIOL, Atul Singh, regional sales director at Gemalto, talks about the security of online banking and the basic steps users can take to secure themselves.

CIOL: Online banking is drastically on the rise. Is it at par with the security measures provided to make it secure?

Atul Singh: With the growing number of online banking users, banks have also seen a rise in the number of frauds. According to the Reserve Bank of India, in 2012-13, the number of technology-related frauds touched INR 670 million, almost double from the previous year. With India expecting to reach 330 million internet users by 2015, the potential for online banking is expected to grow. This also provides a potential threat of fraud as well.


Security is at the top of the minds of consumers and banks. Today, there are a number of security threats such as phishing, key logging, man-in-the-middle, man-in-the-browser and whaling attacks to deceptively obtain users' login credentials and personal information. As these security threats constantly evolve, the fraudsters are also becoming sophisticated in their attacks.

There are several security measures in place today to combat fraud. In addition to simple measures such as SMS alerts, password protection, automatic session timeouts and CVV numbers for credit/debit cards, there are strong authentication systems that can be implemented so that banks can ensure robust security. For example, using dynamic authentication such as one-time passwords (OTP) helps make a strong, dynamic cardholder authentication and prevent fraud. This adds to the layer of security, where challenge-response tokens secured by PIN and OTP tokens authenticate the customer's identity during an online transaction by using information that is generated automatically along with information that's only available to the user. Adding to that, the implementation of EMV provides greater security and is far less vulnerable to security breaches.

Since its existence, Gemalto has been working with banks to implement tight security measures to combat frauds, allowing them to ultimately build trust amongst its consumers. Our identity and access management solutions have enabled security for over 90 million banking consumers across the world.


CIOL: Do you think two-step authentication is adequate to make online banking secure?

AS: Two-step authentication, also known as two-factor authentication, is an added layer of security and helps in making online banking secure. This form of dynamic authentication requires a password and username; in addition to that, it also requires information that is available and known only to the user - such as a physical token. This multi-factor authentication makes it difficult for fraudsters to gain access and steal any information or conduct fraudulent transactions.

However, there are instances where banks provide a higher level of authentication for the customers conducting high value transactions. For such instances, banks can provide challenge-response card readers, which help the customer to generate an OTP using a card reader. Banks can also provide Public Key Infrastructure (PKI) tokens which have a smart card to digitally sign a transaction.


CIOL: Can you tell us the key advantages of PKI certificate-based authentication? How confident are you that PKI is without loopholes?

AS: Public Key Infrastructure (PKI) is a system that validates a user's digital identity over a public or private network by associating a pair of public and private keys with their individual identity credentials. The key advantages are stronger security and user authentication mechanisms as compared to the usual two-factor authentication like One Time Password (OTP) through SMS.


It's quite secure because of the following reasons:

  • Creates a trusted environment using a pair of cryptographic keys. Cryptography protects the information by converting it into a format that can only be read by an authorized entity as it is a digital certificate with a public key and private key.
  • The private key remains secure in a Smart Card/SIM card and is not transmitted over the network. It is used for certificate-based authentication, encryption and digital signatures.
  • PKI technology offers a range of security features for enterprises including authenticity, confidentiality and non-repudiation. PKI applications for end-users include network and workstation login, secure remote access, single sign-on, email encryption, secure data storage, digital signatures and secure online transactions.

CIOL: What are the other solutions for safer payments online?

AS: In addition to solutions like OTP and PKI, banks can also deploy the EMV standard and Mobile ID solutions.


EMV is a secure global standard of credit and debit card transactions which provides greater security and is far less vulnerable to security breaches. In EMV, skimming and counterfeiting are next to impossible as the data is secure in a chip - which cannot be cloned. EMV also helps in bringing greater security for online or phone transactions where the cards are not present. In India, there are over 350 million debit cards and 19 million credit cards used, making for an enormous opportunity for fraudsters to make unauthorized transactions.

In addition to this, using a Mobile ID is an innovative solution towards online banking security. The mobile ID provides users with the highest level of security using a strong authentication mechanism based on PKI cryptography. This allows the users to securely authenticate, digitally sign documents, and confirm transactions and payments. It requires the user to give their phone number or a unique identifier to the bank. With each transaction, the bank authenticates the individual along with a digital signature. With the user's identity authenticated on channels independent of the bank's server, it makes it difficult for fraudsters to access any user information. This transaction is signed using a private key stored in the SIM card and authenticated using a PIN known only to the user.

CIOL: What are the basic measures users can take for safer online banking?

AS: Online banking is easy and convenient for users to go about their daily transactions. Users can minimize risks relating to hacking of accounts and safeguard themselves against identity thefts by using simple measures.

On their part, users should create strong passwords, ensure that the website they access is encrypted and secure, never share their personal information with anyone over the phone or via SMS and finally, users should operate with banks that offer authentication services like two-factor authentication and PKI infrastructure.

Hackers are constantly evolving with technology and therefore, it is becoming even more important to implement solutions that safeguard users against identity thefts.
