Running an enterprise is one of the most difficult tasks for an organization. As if keeping the gears greased and the factory operating at top speed weren’t enough, every company must be ready to instantly react in the case of an online security breach. Planning for disaster may be what preserves the livelihood of your company and offers you sound sleep at night.
To address your business continuity plan, and understand the important role of voice biometrics, every organization needs to be comfortable answering three planning questions:
- What would you do if a breach exposed your customers’ online credentials today?
A security exposure degrades your customers’ trust and can impact your company’s reputation and sustainability. Having a viable plan that can be executed immediately is essential. While it may not be likely, your role is to assume that a mass breach of your customers’ credentials will happen at any second. Every bank must be ready to instantly respond with a business continuity plan that includes all executive stakeholders in the bank, including operations, PR, customer support, development, and legal. Uncovering the source and impact of the breach is paramount, followed by immediate execution of damage-control and business continuity plans. Your continuity plan must include a means to reset passwords and validate authentication.
- Is your Security Breach Recovery Plan sufficient for sophisticated modern exploitation?
Maybe your data center and customers’ online credentials are so secure even Tom Cruise couldn’t penetrate them in the next Mission Impossible movie. Maybe you store all your customer credentials encrypted and hashed and salted in a big hardware security module that not even the NSA could penetrate. No matter the internal security, your biggest security risk is outside your system–namely, in the minds and devices of your customers. While requiring an upper- and lower-case character and digits may be your standard password syntax, customers may put little thought into its content. Data breaches have revealed that your secure construction merely turns a customer’s preferred password of “princess” into “Princess1.” Further, with the myriad of sites requiring passwords, many customers use the same credentials across sites. Unfortunately, this lack of discipline means one site’s less-than-optimal security could be the point of compromise that exposes your bank to fraud.
Malware that captures or sniffs sign-in credentials can easily be installed without a customer’s knowledge if their device is not protected with current antivirus software. The malware is also capable of collecting information from cookies, browser history, and system files to identify all of the sites frequented by the user.
Many sites use security questions to reset passwords, but their effectiveness has been diluted to the point that the same questions and answers are probably on file at multiple sites. Multi-factor authentication is your best means for customer authentication. Requiring card numbers and out-of-wallet information are other alternatives, but they are not foolproof. A mobile phone text or push alert with a one-time password is a much stronger defense, as it uses both out-of-band and multi-factor authentication methods. But even this method has its risks, as many fraudsters immediately change the email and phone number upon account access.
- Do you have a long-term strategy to address the coming wave of online fraud?
Fraudsters are savvy, cunning and diabolical; stealing your customer’s life savings or tapping into their home equity line of credit is just another day on the job. It’s obvious that improved authentication methods are long overdue. The next 5 years will bring many new and improved authentication solutions, with biometrics leading the charge. Biometrics provide the highest form of authentication for users in remote locations. A biometric strategy needs to be on the roadmap for all banks and companies for secure access and control. All companies should be looking at a biometric authentication solution that combines current authentication methods with additional step-up biometric authentication means. Your biometric strategy may even include a multi-modal biometric, but should first include a voice solution. Unlike fingerprint and other methods, all phones are capable of accepting voice entry. Further, and most importantly, only voice biometrics solutions using random words or phrases can change the trust verification source, much like a PIN or password. A pilot is essential to learning what works and to defining a future access and assured authentication plan. And as with PINs and passwords, biometrics must be stored in hardened security environments.
Piloting a voice authentication program should be your first step. Begin now, as putting a plan in place will take time. Risk can’t be eliminated, but it can be managed, and it must be managed by the companies who trust you with their life savings. Banks should begin enrolling customers now, if for no other reason than as a defensive measure against password compromise through malware. Start slow and let it grow: integrate into your existing system and plan a phased approach, initially targeting high-net-worth and security-conscious customers.
Steve Hoffman is CEO of SayPay Technologies, Inc., a biometric solutions-based company that offers a single solution that works on all devices, for a myriad of purposes, and can be extended across any financial institution enterprise. Contact Steve at firstname.lastname@example.org.