Is two-factor authentication now passé?

(Fierce Finance IT) In their bid to keep sensitive customer information and customers' money safe, many banks adopted a two-factor authentication system. This basically boils down to a system that confirms the user is legitimate by using two checks: one could be a password, the other could be a password-generating token, a chip or something biometric. The rise of such authentication techniques was once hailed as good news from the security point of view. Unfortunately, their effectiveness seems to be on the wane.



In a new report, Gartner says that banks that deploy such authentication are still vulnerable, as the crooks have wised up to these systems. In some cases, users are tricked into forwarding a call from a bank to an unauthorized would-be crook. In other cases, malware lurks until the two factors have been accepted and access has been allowed, and then it does its dirty work.

So banks have to keep pushing ahead toward a multi-layered approach that would include server-based fraud detection and out-of-band transaction verification that precludes call forwarding. Something to think about anyway. Some think that tokens have proven to be a failure at the consumer level. AOL for one will scrap its system.


Posted by John B. Frank Monday, December 21, 2009
