What everyone must know about online banking and the risks of fraud and ID theft
Realsec is committed to the highest standards of security. Its customers include leaders of industry and government in Spain, including Grupo Banco Santander, Grupo BBVA, National Tax Department, Caja Madrid, Endesa and Repsol. Realsec also serves over 50 banks worldwide, including HSBC, Banco Itaú, Banca Nazionale del Lavoro, Banco de Comercio, Banco Ripley, Banjército, Prosa and e-Global. For more information, please visit www.realsec.com.
Info Security PG: What are banks and other e-commerce companies in the USA doing to prevent fraud and ID theft?
Sebastian Munoz: Most security measures are adopted by banks and then deployed to other e-commerce companies and many of these are dictated by the large payment brands like Visa or MasterCard. PCI/DSS regulation is a good example of this and nowadays EMV is also designed to provide a much more secure payments framework, and is meant to be the most secure way to prevent fraud.
On top of that, many banks have also implemented additional security measures like using a secure authentication platform based on digital certificates to authenticate the users, one-time password verification procedures, or other less sophisticated tools like the use of a familiar image or sentence. Currently you find banks that have implemented up to four-factor authentication procedures, but even this does not solve the problem of fraud in POS and ATMs.
EMV will definitely help reduce fraud associated with these devices and has proven to work in the rest of the world.
About Sebastian Munoz
Sebastian Munoz has 19 years of experience in IT security and 10 years specifically in payments security. He was co-founder and COO at Quark Software & Services; VP Alliances and shareholder at e-Netfinger; and co-founder and COO at Realia Technologies.
Info Security PG: When will U.S. banks start to adopt EMV chip & PIN technology? Why haven't they done so already?
Sebastian Munoz: EMV is already here in the US, and is here to stay, though it will still take some time until it becomes widely adopted and deployed. It's been a long and complicated process, but this time it looks like EMV is definitely considered by the US payment industry as the most efficient way to fight fraud. Most banks are pointing toward 2015 as the deadline to adopt this new standard.
The main reason to explain this late adoption of EMV in the US market is its size. The US payment industry is huge and far more complex than it is in the rest of the world. A good example of this is the fact that, while most countries only have one main debit network, the US has 17. If adapting one network to EMV is highly consuming and requires a tremendous effort and investment, imagine this effort times 17 and coordinating all of them. In general, the required investment to migrate to EMV is much higher in the US than anywhere else. The number of ATMs and POS that need to be upgraded is huge. The number of banks that need to invest is far above those from any other country in the world.
However, there are a number of reasons that have finally made the US payment industry adopt EMV:
As the rest of the world started to adopt EMV and reduce fraud, this fraudulent behavior has moved to the USA, thus dramatically increasing fraud attacks.
ROI is now easier and faster to achieve.
Interoperability. Both tourists visiting the US and US citizens visiting Europe or many other countries in the world must be able to use their credit cards without any compatibility problem.
EMV provides a robust security framework for more secure mobile banking deployment.
Info Security PG: What can we learn from countries who have already been successful with chip & PIN?
Sebastian Munoz: First of all, EMV works and helps significantly reduce fraud. It is proven.
Second, it is a long and complicated process that requires cooperation among all the players (brands, acquirers, issuers, merchants), and a clear support of local banking authorities.
Third, it's important to invest in educating consumers to let them know that this change will help them use their cards much more securely.
And fourth, adopt what has been proven to work in other countries and avoid making the same mistakes. For instance, adoption of much more flexible and powerful dynamic (DDA) EMV cards, versus static (SDA) cards that were adopted initially by most countries but were then forced in many cases to make a second migration to dynamic.
Info Security PG: Meanwhile what online safety tips would you give consumers who rely more and more on online banking?
Sebastian Munoz: I would recommend working with banks that are able to provide a sophisticated authentication framework, based on several factors (the more, the better) and banks that really care and invest in security.
Sometimes this is hard to detect by the end user, from their perspective, but a good example to make this decision would be to work with banks that are already able to provide their customers with a safe EMV debit/credit card. This would definitely mean that the bank does care about security and provides their customers a safe payment environment.
Company: Realsec, Inc. Redwood City, California U.S.A.
Founded in: 2001
CEO: Sebastian Munoz
Public or Private: Private
Head Office in Country: Spain
Products: Realsec is the leading vendor of secure cryptographic solutions worldwide, providing complete packaged solutions based on certified HSMs for financial, enterprise and government markets in the fields of encryption and digital signature. Realsec's cryptographic hardware devices are FIPS 140-2 Level 3 compliant and Common Criteria EAL4+ certified. Realsec's development site is Common Criteria Certified, and has earned the SEAL Chamber B2B Trust.
Company's Goals: To expand Realsec's global leadership in the security payments industry by providing cost effective and straightforward certified solutions that are very competitive and easy to implement. The company is committed to supporting the adoption of sophisticated digital signature applications based on digital certificates both for government and enterprise.