Out (of Band) Is In
Out-of-band authentication has been touted as the answer to many kinds of fraud for the past two years; PhoneFactor makes it easy.
Instead of using a hardware token or a browser-based software application as a second factor of authentication, PhoneFactor verifies the identity of the user, after they log in with their user name and password, by calling them on their landline or mobile phone and requiring the user to press # or enter another personal identification number. If the customer receives a call because someone else is illegitimately trying to gain access, the customer can automatically secure the account and notify their bank's IT department.
"The beauty of the system is it works the same way no matter what phone they're using," says Steve Dispensa, the Overland Park, Kansas-based company's CTO. And by circumventing another online-based form of authentication, he claims, it limits the potential for viruses like 2008's Silent Banker Trojan, which targeted the browsers of online banking customers at as many as 400 banks.
"What they're offering is convenient," says Robert Vamosi, analyst for Javelin Strategy & Research of Pleasanton, Calif. "People have their cell phones with them all the time. It's very satisfying to have that handshake," Vamosi adds.
PhoneFactor is typically aimed at high-risk transactions, such as wire transfers, the addition of new online bill payees, or account changes. Financial institutions can pay based on the number of authentications or the number of overall online banking users, according to Dispensa. Customers include financial institutions such as Associated Bank (the authentication company's largest single deployment so far is with an unnamed financial firm) and ecommerce companies like Bling Nation; PhoneFactor already has "millions of end users," Dispensa says.