You have a responsibility to help protect your clients
STRONG AUTHENTICATION
Having rigorous authentication processes helps detect identity abuse. But multi-factor authentication shouldn’t rely on SMS-based authentication – it gives a false sense of security and can aid criminals through illegal phone porting.
Give your customers the option to set a security PIN required for account changes, especially phone transactions.
SIM cards should be locked and unavailable for porting unless the appropriate security approvals are met.
STRONG SYSTEMS
Maintain a vigilant approach to possible threats to your systems.
Identify operating weaknesses, particularly in software.
This extends beyond an organisation's information system ecology to the devices used by customers.
Research shows that an organisation’s disclosure about the implementation of their identity theft counter-measures and management systems is viewed positively.
TIPS FOR BANKS, INVESTMENT FIRMS, and REAL ESTATE
Use hardware dongles that generate one-time passwords (OTPs). They’re considered more secure than codes sent by SMS.
Track attempts at high-value transactions.
Use metrics such as device fingerprint technology and geolocation to reject transactions and suspend accounts.
Respond quickly to account-freezing requests. Enforce a rigorous authentication process such as several pieces of ID, and an ‘only-person’ account unblock.