I know bankers are, tired of paying tens of thousands of dollars a month on debit card fraud. Well this multi-factor authentication tool from MasterCard claims purchases over the internet will be as secure as POS purchases….well let’s just say less risky.
It works like this: The cardholder dips the card into a handheld reader and enters a PIN. If the PIN and card match-up the handheld reader gives the cardholder a one-time pass code. This pass code is sent to the card issuer over the merchant’s website for authentication.
Of course, this will all take some time to implement, but “Card not Present� transactions are roughly half the disputes from debit cards according to this post from Financial Times. How does saving half of all your disputed transaction losses from fraud sound?
I have a feeling there will be a lot more of these types of card authentications coming out soon. They may already be out there and I just don’t know about them. Start researching an authentication mechanism that works for your institution and user base. It may even be a regulatory requirement in the future (multi-factor for purchases on the internet).
Finally, the bottom of MasterCard’s page also claims that it can be connected to any device. Maybe this would be a great way to introduce mobile banking on cell phones, multi-factor for phone banking or a true multi-factor authentication with your online banking. No more verifying a picture you chose about 9 months ago, but actually using something you have (the bankcard) and something you know (a password). But, that is a whole other rant.
That is my little glimpse into the future of payment cards, but I’m not a banker so I can’t implement anything like this. I do wish my bank had a smart card. I would be all over it.

Over the last year we have wanted to put together a little event for all of our clients to bring them together and just say thanks for working with us. So we shot the ideas around the table about how to throw such an event. Well, we like to not do the standard ‘meet at a hotel’ event where people stand around and chat often times about pointless things…we wanted to jazz it up a bit.

So what did we decide on?

We have decided on throwing an event in Lewisville, TX at a indoor paintball place called GatSplat. Paintball you ask? Definitely! What not a better way to ‘get even with your technology auditor’ then by shooting some paintballs at them. Should be a good time and if anybody is interested in coming that reads this blog, come on down! We are having the event on June 29th from 1pm-5pm and will have food and drinks. It will cost you nothing to join in, so if you are in town (or not for that matter) and are interested in joining us just email me at brad [at] thegarlandgroup.net and I’ll add you to the invite list!

Good times will be had…be sure to bring long sleeves

I did a little Social Engineering pretext calling reconnaissance work recently to see if I could get some general information (what time do employees go home for the day, locations, urban/rural areas, wire request instructions, etc.). I posed as a customer and all the employees I talked to were very helpful and would even give me more information than I asked for. I was expecting this because of that small town, community banking environment. When I got more comfortable and started asking for sensitive information, I was challenged with authentication questions, which kind of surprised me. I fumbled around and got off the phone quickly. The person I was talking to was very friendly, yet was going through proper procedures to keep the bank secure.
When we do these social engineering reviews and present the bank with our findings I am nervous about scaring employees into being ‘too secure’ (if that is possible). I would love for them to run through all their customer identification procedures before giving out any information, but on the other hand I want them to keep that community bank feel. I guess I just don’t want to scare employees into being robots when working with customers. That would destroy the core competencies of some of the banks we work with. It was nice to talk to someone that really wanted to help me, but went through the right steps to do so. The point of the story: Security and community banking is possible in the same environment, I’ve seen it.