Phishing Across Interaction Channels: Methods, Experience and Best Practice
This paper will draw on the experience gathered from years of working closely with banks and the current trends to combat phishing and online fraud threats. It will detail the renewed emphasis that strong authentication is not enough but a form of transaction authentication is needed. It makes a call to make the user more aware of the security process asked to perform a specific action and the concept of security process ergonomics. It details somaspects of the important decisions banks need to make when considering the use of anti phishing and anti fraud techniques across different interaction channels such as web, call centre, IVR, branch.
KeywordsCall Centre Interaction Channel Debit Card Security Process Strong Authentication
Unable to display preview. Download preview PDF.
- [Schn05]Schneier Bruce, “The Failure of Two-Factor Authentication”, March 2005, http://www.schneier.com/ blog/archives/2005/03/the_failure_of.htmlGoogle Scholar
- [Dhamija06]Dhamija, Rachna — Tyger, J.D. — Hearst, Marti: Why Phishing Works: http://people.deas.harvard. edu/~rachna/papers/why_phishing_works.pdf, 2006Google Scholar
- [Roscoe97]Roscoe Stanley, “Adolescence of Aviation Psychology”, Human Factors and Ergonomics Society, 1997, ISBN 0-945289-10-3, http//www.aero.ca/e_adolescence.htmlGoogle Scholar
- [Mas07]MasterCard Worldwide, “Chip Authentication Program — Functional Architecture”, February 2007Google Scholar
- [ANSI86]American National Standards Institute, ANSI X9.9: Financial Institution Message Authentication (Wholesale), 1986.Google Scholar
- [MRaihi07]David M’ Raihi et al, IETF, “ How to Share Transaction Fraud (Thraud) Report Data”, http://www.ietf org/internetdrafts/draftmraihiinchthraud-02.txtGoogle Scholar