A recent report from Gartner highlights a growing security trend in which fraudsters are overcoming strong two-factor authentication methods. Gartner says that Trojan-based, man-in-the-browser attacks are successfully and regularly infiltrating bank accounts, despite the use of strong authentication. As a result, Gartner is calling for a more layered approach to security.
Advocating the use of more than one security measure to achieve optimal fraud prevention makes absolute sense. Implementing a single security solution cannot be expected to defeat every possible fraud attack. However, alongside this approach, there needs to be greater recognition that the business world must also strike a sensible balance between security and usability.
Let’s take EMV Transaction Data Signing (TDS) as an example. TDS can protect against the type of man-in-the-browser attacks highlighted by Gartner. But it isn’t widely implemented by banks, simply because it is perceived to be more difficult to use than other CAP options.
Striking the right balance between offering customers security on a par with the potential risk and providing a good customer experience will always be the conundrum facing banks and other businesses holding sensitive information. And to a certain extent, one will always be traded off against the other.