PhoneFactor Inc. has added a smartphone application to its suite of out-of-band security products, the company announced Dec. 5. But its effectiveness will depend on user participation, one observer contends.
The app is available for Apple Inc.'s iOS devices, including the iPhone and iPad, with a version for Android phones expected by the first quarter of 2012.
PhoneFactor’s products typically send out-of-band text messages or phone calls to users about banking activity, according to the Overland Park, Kan.-based company. The application pushes a notification about such activity as funds transfers to the smartphone screen. Users then tap on a button to authenticate the transaction, reject it or report it as a fraud.
"Most other authorization applications available for the smartphone work like a token," Sarah Fender, PhoneFactor vice president of marketing and product management, said in an interview. That makes them susceptible to malicious-software exploits, such as man-in-the-middle attacks that can divert transfers, she says.
"The benefit here is it provides one more method to communicate with a customer and to get them to participate in the out-of-band authentication experience," Julie Conroy McNelley, senior analyst for Aite Group, wrote in an email.
Out-of-band authentication can work only to the degree that a user participates in the experience, McNelley says.
"Apps provide the opportunity to plant the notification front-and-center in front of the user the next time they look at their mobile device," McNelley says.
