Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Fraud & Identity Theft

PhoneFactor Adds Multi-Factor Authentication for Credit and Debit Card Transactions

Support for Standard ISO 8583 Protocol Enables Real-Time Authentication of Card Transactions

PhoneFactor, a provider of phone-based multi-factor authentication technology, this week announced support for ISO 8583, the standard communication protocol that financial institutions use to process credit and debit card transactions.

Support for Standard ISO 8583 Protocol Enables Real-Time Authentication of Card Transactions

PhoneFactor, a provider of phone-based multi-factor authentication technology, this week announced support for ISO 8583, the standard communication protocol that financial institutions use to process credit and debit card transactions.

PhoneFactor ISO 8583 Real Time AuthenticationMasterCard and Visa authorizations utilize the ISO 8583 standard, as do most Automated Teller Machines. By supporting the widely used ISO standard, PhoneFactor can authenticate card transactions in any channel, including point-of-sale, ATM, and online transactions, through a single technology implementation.

Multi-Factor Authentication also referred to as “Out of Band Authentication,” is growing anti-fraud measure financial institutions are implementing in their online banking services to help protect customers. With the technology, at the time a customer attempts a transaction, a text message or phone call is sent to the mobile phone number the bank has on file. The customer is given through the phone a “TAN” or one-time password that must be provided on the website in order to complete the transaction.

By adding PhoneFactor to the transaction path using the ISO 8583 protocol, card issuers can authenticate transactions with a phone call or text message. When a protected transaction is initiated, PhoneFactor instantly places an automated phone call or sends a text message to the cardholder asking them to verify the transaction details. The user answers the call and presses # (or a PIN) or replies to the text message to approve the transaction.

Credit and debit card fraud is rampant worldwide, and while countermeasures like EMV chip cards have been introduced in some European countries, they have yet to gain even limited adoption worldwide. In addition, chip technology fails to easily address the online and mobile channels, leaving a growing segment of transactions unprotected.

PhoneFactor uses the cardholder’s existing phone — a device the cardholder already has and carries with him. So, enabling the service for large numbers of geographically diverse customers is easy and cost-effective. It works regardless of which merchant is processing the transaction or from which channel the transaction is initiated.

According to Idan Aharoni, Manager of the FraudAction Intelligence team at RSA and a SecurityWeek Columnist, out of band authentication isn’t perfect but is quite effective. “Even though it’s not bulletproof, out of band authentication is an effective tool to stop fraudsters at bay. But just like any idea, implementation has a very big part of whether it succeeds or fails. For out of band authentication to become even more effective, a more secure enrollment processes must be put into effect in order to ensure that the person opting-in to the service is the legitimate customer and not a fraudster,” Aharoni writes.” “Eventually, when the routes used to bypass security measures are themselves secured, most fraudsters will have no choice but to circumvent the problem in a different way – by targeting someone else.”

Advertisement. Scroll to continue reading.
Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Fraud & Identity Theft

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Cybercrime

Deepfakes, left unchecked, are set to become the cybercriminals’ next big weapon

Cybercrime

A threat actor tracked as ‘Scattered Spider’ is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Cybercrime

While there are likely many different approaches, here are a few points that are important for enterprises to consider when evaluating bot solutions.