Secure transactions - It takes two

It’s hard to ignore – card fraud in the UK is a significant burden, still running at over £440 million according to the latest figures from the UK Payments Association. Not surprisingly the nature of this threat has evolved dramatically in recent years. It has moved away from face to face fraud, largely eliminated through the introduction of EMV and Chip & PIN, and into online channels, in the form of Card Not Present attacks against both e-commerce sites and online banking.

The UK Cards Association paints a rather bleak picture with losses from online banking fraud increasing to £59.7 million in 2009, an 18 per cent rise on 2008 and more than doubling since 2007 when there were £22.6 million of losses. With the economic slowdown of the last 18 months coupled with more uncertainty on the horizon, the safety of our money and security of our identity is extremely precious and the public need a solution they can trust and that tackles the security of transactions across multiple channels.

Why introduce a second channel?

When online, the channel you are using (the electronic line of communication over the computer) is subject to malware scams and phishing attacks, an increasing threat due to criminals employing more sophisticated methods to target this growing market. With this in mind it is evident that the genuine user must personally authorise, and adequately authenticate themselves to prevent these threats from materialising. 

The solution arguably resides in having a multi-faceted security model where there is a secondary channel to re-authenticate the user, thus preventing the impersonation by an imposter hi-jacking an electronic line of communication. The most obvious second channel device for me is the mobile phone.

Why use a mobile device as the second channel?

The mobile phone is not only ubiquitous, but perhaps more importantly almost always on our person and has come to be a device that many cannot live without. The mobile also already contains strong security systems including the addition of anti-malware and the screening of traffic by the mobile service providers to ensure reliability of channel.

It is more than likely that fraudulent attacks will only grow as we increasingly go online for our e-commerce and banking needs. With the ongoing uncertainty of the economy set to continue, in 2010 we will arguably demand a more secure method of authenticating and authorising our transactions. The two channel method offers a solution to this end and the mobile phone is the most natural and obvious device as the second channel.