BARRE, Vt.--(AllPayNews)--July 18, 2006--When the FFIEC issued its guidance of October 12 last year, it suggested that single-factor authentication methods may not provide sufficient protection and that financial institutions "should use effective methods to authenticate the identity of customers."
"Unfortunately, the identity of customers is not the problem with phishing, the identity of the financial institution is. As recent news stories about an attack on Citibank business customers have shown, even multi-factor user authentication may not be enough." said Dave Mayette, CEO of L9.com.
The identity of web sites is the actual problem. Phishing starts with an email containing a link to a fake web site and once a victim arrives there, it really doesn't matter how many factors the financial institution has implemented because a phishing victim isn't even using them.
Mutual authentication is a more appropriate defense against phishing than multi-factor user authentication. It provides assurance to the customer that the web site is authentic through some kind of shared secret that a bogus site cannot possibly know. Products that properly defend against phishing and pharming attacks should use both mutual authentication and multi-factor user authentication. Safe2Login is such a product.
Safe2Login is immune to proxy-style man-in-the-middle (MITM) attacks that fool both the user and the authentication system and successfully steal account login information. In addition it prevents keystroke logging disclosing typed login information. Check it out at safe2login.com.
For more information go to:
Other relevant links:
Joe Buhler, 802-229-2005 x130