In a constantly evolving fraud environment, HSBC is continually evaluating new processes to protect its users and their assets. For some types of exploits, out-of-band technology was seen to offer the highest security with the most convenience.
HSBC, the world's largest bank by asset size is using Authentify's services to automatically authenticate online users attempting certain transaction against HSBC accounts. The out-of-band process requires user or transaction specific details to be entered via telephone, separately from the Internet side of the exchange. The process isolates the authentication from Internet threats making it more difficult to tamper with an account even if armed with compromised identity information.
Authentify enables HSBC to validate the user and transaction details but keeps the process convenient for the end user. Using a telephone call synchronized to an online session provides a simple, reliable way to strengthen an online process. It layers with security mechanisms HSBC already has in place and uses technology based on something their users already own and know how to use.
Finextra verdict: At first glance, using the telephone for authentication doesn't seem particularly innovative. But when seen as part of a total security strategy, and the fact that the call is synchronised to the online session that triggered the need for authentication, the Authentify solution is a useful tool in the bank's arsenal against keystroke loggers and man in the middle exploits.