DUBLIN, Ireland—European banks are ahead of their U.S. counterparts in defending the mobile channel from cyber thieves, a new report indicates.
For example, KBC Bank Ireland here has upgraded security for mobile customers by integrating the Vasco Digipass for apps into its mobile security application. The technology changes a user’s password every 30 seconds to thwart hackers, Third Certainty reported.
With the addition of Digipass, KBC Bank customers can use an iPhone’s Touch ID functionality—a fingerprint identity sensor—instead of a PIN code.
Vasco’s technology provides a graphical cryptogram that contains the details of the transaction, e.g., payee, amount, account number. When a picture of the color QR code is taken and then decoded, customers can securely view and verify the financial details on a computer, smartphone or tablet and then authorize the transaction. Because it is encrypted, hackers cannot change the details, so they cannot conduct man-in-the-middle attacks.
“This eliminated the opportunity for hackers to use stolen passwords and makes phishing attacks obsolete,” Vasco Data Security International Vice President John Gunn told Third Certainty. “With a six-digit PIN or a one-time-password, a hacker would have a one-in-a-million chance of guessing the correct password. Brute force attacks don’t work because a hacker cannot present a million attempts in 30 seconds, and the password changes again within that time.”
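To illustrate the idea of a six-digit code that changes every 30 seconds and is bound to the payee, amount and account number, here is an added example that is not from the article or from Vasco. It uses a generic HMAC construction with RFC 4226-style truncation, not Vasco's proprietary Digipass algorithm; the key, field names and function names are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # code changes every 30 seconds, as the article describes
DIGITS = 6         # six-digit code, as in the quote above

# Constructed sample data for illustration only (not real account details).
SAMPLE_KEY = b"constructed-demo-key-not-a-real-secret"
SAMPLE_TXN = {"payee": "ACME Ltd", "amount": "250.00", "account": "IE00DEMO0001"}


def _canonical(txn: dict) -> bytes:
    """Serialize the signed fields; length prefixes keep field boundaries unambiguous."""
    parts = []
    for name in ("payee", "amount", "account"):
        value = str(txn[name]).encode("utf-8")
        parts.append(struct.pack(">H", len(value)) + value)
    return b"".join(parts)


def sign_transaction(key: bytes, txn: dict, now: float) -> str:
    """Derive a short code from the shared key, the time step and the details."""
    counter = int(now) // STEP_SECONDS
    msg = struct.pack(">Q", counter) + _canonical(txn)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_transaction(key: bytes, txn: dict, code: str, now: float,
                       drift_steps: int = 1) -> bool:
    """Bank-side check: recompute over the details the bank actually received."""
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        expected = sign_transaction(key, txn, now + d * STEP_SECONDS)
        ok |= hmac.compare_digest(expected, code)  # constant-time compare
    return ok


if __name__ == "__main__":
    t = 1_700_000_000  # constructed timestamp
    code = sign_transaction(SAMPLE_KEY, SAMPLE_TXN, t)
    tampered = dict(SAMPLE_TXN, account="IE00EVIL9999")
    print("code:", code)
    print("original accepted:", verify_transaction(SAMPLE_KEY, SAMPLE_TXN, code, t))
    print("tampered accepted:", verify_transaction(SAMPLE_KEY, tampered, code, t))
```

Because the code is computed over the transaction fields, a code the customer approved for one payee does not verify for a modified payee or account, and it stops verifying once the time window has passed.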
The move by European banks is wise, Gunn told Third Certainty, as crooks are expected to redirect resources to attacking mobile banking as more consumers adopt the channel.
“U.S. banks are behind their European brethren in implementing authentication and digital transaction signing for online banking and, as a result, suffer greater losses,” he said. “It is similar to the situation with EMV card adoption in the U.S. versus the EU.”
