Published by Dan Wiegand on 15 Jul 2010 at 03:42 pm
Internet Fraud - Solved?
PassWindow Inventor Matt Walker was recently quoted in the Wall Street Journal making a bold claim - that his new PassWindow card “essentially solves the Internet-fraud problem.” PassWindow looks like a credit card, but has a transparent window with a series of lines that can combine with fields displayed online to form numeric security codes. If implemented on financial services websites, the simple, award-winning device can verify both the user’s identity as well as the bona fides of the website, ensuring it is not a “spoof” set up by fraudsters to steal clients’ personal information and login credentials.
In the latest issue of our Consulting Insights newsletter, we discussed several emerging trends in combating online fraud. One increasingly popular approach is multi-factor authentication (MFA), at login and/or for sensitive transactions on the private site. In its strongest forms, MFA draws on a combination of elements that would be impossible for a fraudster to duplicate. Firms with true MFA capabilities, including Bank of America, Charles Schwab, E*TRADE and Wells Fargo, require “something you know,” i.e., a username and password, along with “something you have,” such as a one-time code generated by a digital ID token or sent to a mobile device. (”Something you are” is technically an option, but we aren’t aware of any financial institutions implementing biometric security online.)
PassWindow is an intriguingly low-tech development in MFA. The cards are less expensive to firms than standard digital ID tokens or frequent transmissions to clients’ mobile devices. PassWindow’s interactive aspects also manage to provide an additional layer of protection against spoof websites. However, it remains to be seen if PassWindow is the revelation its creator claims. Fraudsters have proven to be adaptable in the past, eventually developing methods that can circumvent new security techniques - including standard MFA, as the Journal notes. The device must also prove to be user-friendly. For instance, there could be legibility concerns not unlike those related to a CAPTCHA test.
That said, in the high-stakes competition between scammers and fraud departments, the good guys will be pleased to have potentially one more weapon in the arsenal, and a cost-effective one at that. Many on this side of the Pacific will be eagerly watching tests in Asia and Australia, and keeping an eye out for other enterprising individuals with ideas on how to fight fraud.
