Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Fraud & Identity Theft

PhoneFactor Adds Multi-Factor Authentication for Credit and Debit Card Transactions

Support for Standard ISO 8583 Protocol Enables Real-Time Authentication of Card Transactions

PhoneFactor, a provider of phone-based multi-factor authentication technology, this week announced support for ISO 8583, the standard communication protocol that financial institutions use to process credit and debit card transactions.

Support for Standard ISO 8583 Protocol Enables Real-Time Authentication of Card Transactions

PhoneFactor, a provider of phone-based multi-factor authentication technology, this week announced support for ISO 8583, the standard communication protocol that financial institutions use to process credit and debit card transactions.

PhoneFactor ISO 8583 Real Time AuthenticationMasterCard and Visa authorizations utilize the ISO 8583 standard, as do most Automated Teller Machines. By supporting the widely used ISO standard, PhoneFactor can authenticate card transactions in any channel, including point-of-sale, ATM, and online transactions, through a single technology implementation.

Multi-Factor Authentication also referred to as “Out of Band Authentication,” is growing anti-fraud measure financial institutions are implementing in their online banking services to help protect customers. With the technology, at the time a customer attempts a transaction, a text message or phone call is sent to the mobile phone number the bank has on file. The customer is given through the phone a “TAN” or one-time password that must be provided on the website in order to complete the transaction.

By adding PhoneFactor to the transaction path using the ISO 8583 protocol, card issuers can authenticate transactions with a phone call or text message. When a protected transaction is initiated, PhoneFactor instantly places an automated phone call or sends a text message to the cardholder asking them to verify the transaction details. The user answers the call and presses # (or a PIN) or replies to the text message to approve the transaction.

Credit and debit card fraud is rampant worldwide, and while countermeasures like EMV chip cards have been introduced in some European countries, they have yet to gain even limited adoption worldwide. In addition, chip technology fails to easily address the online and mobile channels, leaving a growing segment of transactions unprotected.

PhoneFactor uses the cardholder’s existing phone — a device the cardholder already has and carries with him. So, enabling the service for large numbers of geographically diverse customers is easy and cost-effective. It works regardless of which merchant is processing the transaction or from which channel the transaction is initiated.

According to Idan Aharoni, Manager of the FraudAction Intelligence team at RSA and a SecurityWeek Columnist, out of band authentication isn’t perfect but is quite effective. “Even though it’s not bulletproof, out of band authentication is an effective tool to stop fraudsters at bay. But just like any idea, implementation has a very big part of whether it succeeds or fails. For out of band authentication to become even more effective, a more secure enrollment processes must be put into effect in order to ensure that the person opting-in to the service is the legitimate customer and not a fraudster,” Aharoni writes.” “Eventually, when the routes used to bypass security measures are themselves secured, most fraudsters will have no choice but to circumvent the problem in a different way – by targeting someone else.”

Advertisement. Scroll to continue reading.
Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

The US arm of networking giant TP-Link has appointed Adam Robertson as Director of Information and Security.

Raj Dodhiawala has been named Chief Product Officer at Eclypsium.

Cyber exposure management firm Armis has promoted Alex Mosher to President.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.