Financial Crime World

Faroese Bankers Urged to Step Up Online Security Measures Against Fraud

In an effort to combat the rising cases of online banking fraud in the Faroe Islands, financial institutions are being urged to deploy multi-factor authentication measures to protect customers’ sensitive information.

The Problem with Single-Factor Authentication

According to experts, account fraud often results from the exploitation of single-factor authentication. This makes it crucial for banks to adopt stronger security protocols to prevent unauthorized access to customer accounts.

Recommendations from the Faroese Financial Services Authority

The Faroese Financial Services Authority has issued guidelines recommending that banks implement multi-factor authentication methods to minimize potential avenues of attack. However, a recent incident involving a bank that uses one-time password scratch cards highlights the need for more robust measures.

Types of Attacks and Threats

Experts have identified two main types of attacks:

  • Man-in-the-Middle (MITM) attacks: These involve email phishing or DNS-cache poisoning to misdirect users to fraudulent websites.
  • Malware: This captures and forwards private information such as IDs, passwords, account numbers, and PINs.

Authentication Mechanisms

To combat these threats, financial institutions must consider various authentication mechanisms:

  • Session Hijacking: Session hijackers act after session and mutual authentication have been completed. A second layer of security can be achieved by asking users to enter a one-time passcode to validate transactions.
  • Strong Session Authentication: While strong session authentication is essential, it’s equally important to include time-bound, one-time use passcodes.

Additional Security Measures

Some experts have suggested using unique images as a shared secret to identify servers before users enter their passwords. However, this method has its limitations, and a more effective approach is to leverage the security of SSL certificates.

One such method, developed by WiKID Systems, uses a hash of the server certificate stored on an authentication server. When a user requests an OTP, the hash is also sent to the token client, which compares it to the retrieved hash before presenting the user with the OTP.
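The comparison step described above can be sketched as follows. This is an added example, not WiKID's code: the function names and sample byte strings are constructed, SHA-256 is an assumed hash function, and the "retrieved hash" is assumed to be the hash of the certificate the token client fetches from the site itself.

```python
import hashlib
import hmac
import ssl


class CertificateMismatch(Exception):
    """The site presented a certificate the authentication server does not know."""


def cert_hash(der_cert: bytes) -> str:
    # Assumption: SHA-256. The article does not name the hash function.
    return hashlib.sha256(der_cert).hexdigest()


def fetch_site_cert(host: str, port: int = 443) -> bytes:
    """Retrieve the certificate the site actually presents, as DER bytes."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def release_otp(otp: str, stored_hash: str, presented_der: bytes) -> str:
    """Hand the OTP to the user only if the presented certificate matches."""
    actual = cert_hash(presented_der)
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(actual, stored_hash.lower()):
        raise CertificateMismatch(
            f"stored {stored_hash[:16]}..., site presented {actual[:16]}...")
    return otp


# Constructed sample data: stand-in byte strings, not real certificates.
GENUINE_CERT = b"constructed-DER-bytes-of-bank-certificate"
PROXY_CERT = b"constructed-DER-bytes-of-interposed-proxy"
STORED_HASH = cert_hash(GENUINE_CERT)  # held by the authentication server


def demo() -> list:
    """Run the check against the genuine site and an interposed proxy."""
    results = []
    for label, cert in (("genuine", GENUINE_CERT), ("proxy", PROXY_CERT)):
        try:
            results.append((label, release_otp("492817", STORED_HASH, cert)))
        except CertificateMismatch:
            results.append((label, None))  # OTP withheld from the user
    return results


if __name__ == "__main__":
    print(demo())
```

In a live client, `fetch_site_cert` would supply the presented certificate; the demo uses the constructed byte strings so that it runs offline.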

Transaction Authentication

In addition to session and mutual authentication, transaction authentication is recommended to prevent session hijacking trojans from emptying bank accounts. This can be achieved by digitally signing transactions using one-time passcodes.

Conclusion

The importance of strong authentication cannot be overstated. Account fraud and identity theft are frequently the result of weak authentication. By employing session, mutual, and transaction authentication tools on the front end, together with back-end fraud detection mechanisms that flag potentially fraudulent transactions, financial institutions can significantly reduce online banking fraud in the Faroe Islands.