A solution to banking fraud has been launched by ValidSoft.
ValidSoft chairman Phil Hickman claimed that the only way of controlling fraud is with ‘out of band’ technology, which uses a separate technology format, in this case a mobile phone.
He claimed that although tokens and other one-time password generating devices do have their benefits, they are not flawless, as customers do not want to carry around the token and can accidentally enter incorrect digits.
Phil Hickman, chairman of ValidSoft, said: “It is imperative banks take a holistic view on security. With a ‘man-in-the-middle’ attack, the bank's message will go via a server and allows an opportunity for the virus to corrupt the desktop and steal data and money when the user is on a banking website. However, a ‘man-in-the-browser’ is a much more potent Trojan that sits in the browser.
“What we offer is a mobile confirmation for a one-time password money transaction and due to the potency of a man-in-the-browser Trojan, unless you have a transaction verification you are at risk, and the only way to guarantee that there is no theft is to use verification.”
The operation works as follows: the user enters details of who they want to make a payment to and confirms this, then gets an automated call informing them that a transfer is being accessed. This allows the user to confirm that they know it is legitimate, and prevents fraudulent activity by a phisher.
Hickman said: “Unless you get the transaction read back to you, there is a danger that money could have been stolen. With mobile verification it reads back the sort code and account number that you are making a payment to – the mobile call will read back to you details of the transaction to confirm.
“We have worked with mobile technology companies to develop the capability to co-locate the use of the card and where the mobile is, so it is giving the bank the answer to where the mobile is – it can locate any handset anywhere in the world in 300-400 milliseconds.”