
By Naftali Bennett

 


Two of the major issues facing CIOs are the harmonizing of IT and business strategies, and compliance. Online fraud falls into both of these categories and as a result CIOs are faced with a delicate balancing act – protecting their data assets in a very threatening global fraud environment, without making their company more difficult to do business with, while taking into account customers’ changing needs and preferences.

There is a clear shift towards two-factor authentication, but that alone won’t manage the risk of multiple security threats that emerge quickly from all corners of the globe. What’s needed is a strategy that matches security with risk, works today, and will continue to deliver for an infinite number of tomorrows.

Some effective strategies to boost fraud detection rates without impacting genuine users:

1. Make it as simple as possible. The less user input needed, the more effective the result.

2. Match the level of security with the level of risk. One size does NOT fit all and all transactions and users should NOT be treated equally.

3. Educate the users beforehand using direct mails, websites, FAQs, etc.

4. Look at the robustness of the tokens that are sent out. The tokens will take a lot of punishment as they are being used in the real world, not in an IT controlled office environment – cheap tokens will need replacing more often than robust ones. Think of the logistics and costs of replacing 5%, 10% or even 20% of the issued tokens. The bank turns into a service centre for faulty tokens.

5. Remember that when the customer has to replace a damaged token, two things happen. First, they cannot access their account (losing transaction revenue). Second, they build up a negative perception of the bank’s service if they do not get a replacement very quickly, thus damaging brand value and credibility.

6. Management, registration and support of a 2FA project should be simple, scalable and cost-effective.

The top five recommendations to CIOs looking to protect their data assets in a global fraud environment include:

1. Ensure that your security policy matches and complements the business objectives of the company and get business leader buy-in.

2. Formulating a security policy is only the first step – it must be implemented, enforced, monitored, reviewed and, if necessary, changed to be appropriate to the current business, threat and user landscape.

3. Make sure that identities are protected as well as data assets – misappropriation of an identity renders perimeter defence useless.

4. Ensure that the protection applied is in proportion to the value of the data assets being protected.

5. Anti-fraud security is ongoing. Make sure that the system that you select is manageable, scalable and adaptable to ensure the best ROI.


Naftali Bennett

Naftali Bennett is Senior Vice President, Consumer Solutions Division, at RSA Security. He joined RSA Security from Cyota – a company that he co-founded and in which he served as Chief Executive Officer. Prior to founding Cyota, Bennett was VP Marketing at I-scraper.com

 
Copyright © 2008 SDA Asia Magazine - All Rights Reserved