Telephone Banking Authentication Practical Approaches to Securing a Popular yet Vulnerable Channel

Transcription

1 Telephone Banking Authentication yet Vulnerable Channel March 2007

2 Overview Financial institutions (FIs) must implement effective authentication solutions that address specific, often mutually exclusive threats from different channels, while remaining in compliance with FFIEC guidelines which pertain to both telephone and online channels. With phone usage increasing over historical levels, this report provides comprehensive coverage and analysis of consumer preferences toward telephone banking, and evaluates the authentication methods currently being used by FIs for the phone channel. Building upon robust consumer data generated from a survey of 3,215 respondents, Javelin also interviewed several top FIs and authentication solutions providers to obtain qualitative input on current phone security efforts and market trends. Finally, Javelin investigates several well-known phone authentication products. Primary Questions How can FIs secure the phone channel, while maximizing efficiency and reducing costs? Which phone authentication solutions provide the best security? What phone authentication solutions are FIs using? How many consumers conduct phone banking transactions (compared to other channels)? How secure do consumers feel using the phone channel? Audience: Author: Contributors: Editor: Financial institutions and authentication solutions providers Rachel Kim, Research Associate Bruce Cundiff, Senior Analyst Mary T. Monahan, Editor Publication date: March 2007 Length: 23 pages 11 charts/graphs Price: $950

3 Table of Contents Overview. 3 Primary Questions... 3 Findings and Analysis. 3 Over One-Third Of Consumers Bank By Phone: Channel Security Is Critical... 4 Confidence High In Telephone Banking Safety Despite Fraud Potential... 6 Expect Growth In Telephone Fraud With Advent Of VOIP 7 Weak, In-Wallet Authentication Prevails On The Phone Channel 9 Fortify Phone Authentication With Risk Scoring, Voice Biometrics And KBA Vendor Solutions By Need: Comprehensive Or Component. 14 What s The Bottom Line.. 16 Related Research Appendix A: 15% Of Fraud From In-Store, Mail Or Telephone Purchases. 18 Appendix B: Online Bill Payers Have Higher Rates Of Phone Contact Then Non-Bill Payers 19 Appendix C: Telephone Channel Usage Increasing Over Historical Levels Appendix D: Two-Thirds Of Consumers Use Telephone Channel Appendix E: Passwords And Voice Recognition Are The Top Phone-Based Solutions... 22

4 Table of Figures Figure 1: Used a Phone Operated System to Perform a Banking Function 4 Figure 2: Spoke By Phone with a Bank or Credit Union Representative. 5 Figure 3: How Consumers Rate the Safety of Using a Phone Automated System... 6 Figure 4: How Consumers Rate the Safety of Speaking with a CSR... 7 Figure 5: Telephone Authentication Factors Used By Top 23 US FIs. 9 Figure 6: Phone Authentication Model.. 12 Figure 7: Sources of Identity Fraud Figure 8: Financial Activities in Past 12 Months by Bill Payer at Bank Web Site Figure 9: Consumer Financial Activities by Type and Time Period.. 20 Figure 10: Percentages of Online Consumers Who Have Ever Used these Channels 21 Figure 11: Consumers Preferred Methods of Authentication for Online Accounts 22 Companies/Organizations Mentioned in Report Verid Experian Digital Resolve TradeHarbor RSA VoiceVerified Additional Report Topics Phone authentication Call center adoption Vishing Pretexting Voice Biometrics Biometric Authentication FFIEC Compliance CSR Security VOIP Security Knowledge Based Authentication (KBA) Interactive Voice Recognition (IVR) Risk Scoring Adaptive Authentication Voice Signature Service

5 Sample Pages

6 Health Savings Accounts: Focus on Transactions and Product Development Will Lead to Asset Growth Target Place Your Order as Follows: 1) Call us at , x26 2) us at 3) Fax or Mail using the form below: Please send me the following report(s): Report Title Publication Date Price Name Title Organization Division or group Phone Fax Address Signature to confirm your order: Payment Method: [ ] Payment card [ ] Check Enclosed [ ] Invoice me Visa, MC, AE or Disc. card #: Exp date: / Name on Card: Signature For invoicing, provide PO number: (Invoicing is available to financial institutions or publicly owned firms) Note: Reports are provided in electronic PDF form only. Javelin reports are subject to standard terms and conditions, as described on our web site. Javelin will contact you in the future to provide our free research newsletter or other mailings. If you do not wish to receive our newsletter or other mailings, you may advise us of this. Your contact information will not be sold to other organizations.