The issue for network admins is that they are playing a continuous game of "catch-up": as soon as earlier exploits are patched, newer ones are developed by highly sophisticated cyber gangs in order to keep their profitable fraud rings going. Smartphones and tablets present an even greater challenge, as most of these devices lack the malware defenses of their more robust cousins, desktops and laptops.
All of this has led many businesses to shift to more robust authentication and authorization schemes, such as:
- Transaction authentication
- Biometrics
- Tokens
- Multi-factor authentication (MFA)
- Out-of-band (OOB) authentication
Simply put, transaction authentication looks for inconsistencies between known data about a user and the details of the current transaction. For example, if a user who lives in the U.S. purchases several big-ticket items while logged in from an IP address determined to be in a foreign country, this is cause for concern and would require extra verification steps to ensure the purchase is not fraudulent.
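The comparison described above, written out as a small rule engine. This is an added example, not code from the article: the user profile, the transactions, the rule weights, the step-up threshold and the IP-to-country table are all constructed sample data (a real deployment would query a GeoIP database and a fraud model rather than a hard-coded table).

```python
"""Rule-based transaction authentication (added example, not from the article).

Known data about the account holder (home country, typical order value) is
compared with the current transaction. Each mismatch adds to a score; at or
above STEP_UP_THRESHOLD the purchase is held for extra verification.
All values below are constructed for the example.
"""
from dataclasses import dataclass

# Constructed stand-in for a GeoIP lookup, using documentation-only addresses.
IP_TO_COUNTRY = {
    "203.0.113.7": "US",
    "198.51.100.42": "BR",
}

STEP_UP_THRESHOLD = 60  # constructed policy value


@dataclass
class UserProfile:
    user_id: str
    home_country: str
    typical_order_usd: float  # known data: the user's usual order value


@dataclass
class Transaction:
    user_id: str
    source_ip: str
    amount_usd: float
    item_count: int


def score_transaction(profile, tx):
    """Return (score, reasons) from comparing the profile with the transaction."""
    score, reasons = 0, []
    country = IP_TO_COUNTRY.get(tx.source_ip)
    if country is None:
        score += 20
        reasons.append(f"source IP {tx.source_ip} has no known country")
    elif country != profile.home_country:
        score += 50
        reasons.append(f"source country {country} differs from home country {profile.home_country}")
    # A single order far above the user's norm
    if tx.amount_usd > 3 * profile.typical_order_usd:
        score += 30
        reasons.append(f"amount ${tx.amount_usd:.2f} exceeds 3x typical ${profile.typical_order_usd:.2f}")
    # "Several big-ticket items": three or more items, each above the typical order
    if tx.item_count >= 3 and tx.amount_usd / tx.item_count > profile.typical_order_usd:
        score += 20
        reasons.append(f"{tx.item_count} items each above the typical order value")
    return score, reasons


def decide(profile, tx):
    """Return (action, score, reasons); action is 'allow' or 'step_up'."""
    score, reasons = score_transaction(profile, tx)
    action = "step_up" if score >= STEP_UP_THRESHOLD else "allow"
    return action, score, reasons


if __name__ == "__main__":
    user = UserProfile("u-100", "US", 150.0)
    routine = Transaction("u-100", "203.0.113.7", 120.0, 1)
    suspicious = Transaction("u-100", "198.51.100.42", 2400.0, 4)
    for tx in (routine, suspicious):
        action, score, reasons = decide(user, tx)
        print(action, score, reasons)
```

With this policy a single signal on its own (a trip abroad, or one large domestic order) scores 50 and is allowed, while the article's combination of a foreign IP and several big-ticket items scores 100 and is held for step-up verification; the threshold is where an operator tunes false positives against missed fraud.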
Biometrics literally means "measuring life," and refers to the use of known and recorded physical traits of a user to authenticate their identity, as no two individuals share the same exact physical traits. Common schemes include:
- Voice recognition
- Face scanning and recognition
- Eyeprints, such as retina and iris scans
Tokens are physical devices that are used to access secure systems. They can be in the form of a card, dongle, or RFID chip. One common token used in authentication schemes today is the RSA SecurID token, which displays a one-time password (OTP) on its LED screen; users must enter this code along with their normal username and password to access a network.
Tokens make it harder for a hacker to access an account, as they must possess not only the login credentials, which can be captured with a keylogger, but also the much harder-to-obtain physical device in order to gain access.
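How a server checks the code shown on an OTP token, as an added example that is not from the article. It implements TOTP (RFC 6238), the open standard used by most software and hardware OTP tokens, not RSA SecurID's proprietary algorithm. The server holds the same secret as the token, derives the expected code for the current 30-second step, tolerates one step of clock drift in either direction, and refuses a code from a time step it has already accepted, so a code captured by a keylogger cannot be replayed. The shared secret is the RFC 6238 test-vector secret, not a real key.

```python
"""Server-side verification of a time-based one-time password (TOTP, RFC 6238).

Added example, not from the article. SHARED_SECRET is the RFC 6238
Appendix B test secret; a real token would be provisioned with a random key.
"""
import hashlib
import hmac
import struct
import time

SHARED_SECRET = b"12345678901234567890"  # RFC 6238 test-vector secret, not a real key


def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10**digits:0{digits}d}"


def totp(secret, unix_time, step=30, digits=6):
    """TOTP: HOTP with the counter taken from the 30-second time step."""
    return hotp(secret, int(unix_time) // step, digits)


class TotpVerifier:
    """Holds the per-user secret and the last accepted time step."""

    def __init__(self, secret, step=30, digits=6, window=1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_used_step = -1  # highest time step already consumed (replay guard)

    def verify(self, code, unix_time=None):
        """Accept the code if it matches a step within the drift window and is unused."""
        now = time.time() if unix_time is None else unix_time
        now_step = int(now) // self.step
        for step in range(now_step - self.window, now_step + self.window + 1):
            if step <= self.last_used_step:
                continue  # a code for this step has already been accepted
            expected = hotp(self.secret, step, self.digits)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected, code):
                self.last_used_step = step
                return True
        return False


if __name__ == "__main__":
    verifier = TotpVerifier(SHARED_SECRET)
    code_at_59 = totp(SHARED_SECRET, 59)
    print("token shows", code_at_59)                     # 287082 per RFC 6238
    print("first use  ", verifier.verify(code_at_59, 59))  # True
    print("replay     ", verifier.verify(code_at_59, 59))  # False
```

The replay guard is what makes the "possession" factor meaningful: even if the six digits are captured alongside the password, they are worthless once used or once the time step has passed.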
Multi-factor authentication (MFA) is a blanket term for an authentication scheme that uses two or more independent sources to verify an identity, such as:
- Something possessed, as in a physical token or telephone
- Something known, such as a password or mother's maiden name
- Something inherent, like a biometric trait mentioned earlier
Out-of-band (OOB) authentication uses a completely separate channel, such as a mobile device, to authenticate a transaction initiated from a computer. Any transaction that crosses a threshold, such as a large money transfer, would trigger a phone call, text, or notification on a specialized app indicating that further authorization is needed before the transaction goes through. Requiring two channels makes it quite difficult for a hacker to steal money, as they would need to compromise two separate systems (cell phone and computer) in order to pull off a heist.
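The MFA and OOB ideas from the last two sections, combined in one added example that is not from the article. The first part checks that the credentials presented actually span two independent factor categories (a password plus a security question is still only "something known"). The second part simulates a bank that accepts a transfer request over the web channel and, above a threshold, holds it until a code delivered over a separate phone channel comes back; the code is bound to the exact transaction details so a confirmation cannot be reused for a different transfer. The credential catalogue, threshold and in-memory "phone inbox" are constructed for the example.

```python
"""Multi-factor check and out-of-band (OOB) transaction authorization.

Added example, not from the article. The credential catalogue, the
OOB_THRESHOLD_USD policy value and the PhoneChannel inbox are constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from enum import Enum


class Factor(Enum):
    KNOWLEDGE = "something known"
    POSSESSION = "something possessed"
    INHERENCE = "something inherent"


# Constructed catalogue mapping credential types to their factor category.
CREDENTIAL_FACTOR = {
    "password": Factor.KNOWLEDGE,
    "security_question": Factor.KNOWLEDGE,
    "hardware_token_otp": Factor.POSSESSION,
    "phone_otp": Factor.POSSESSION,
    "fingerprint": Factor.INHERENCE,
    "face": Factor.INHERENCE,
}


def is_multi_factor(presented):
    """True only if the credentials cover two or more distinct factor categories."""
    categories = {CREDENTIAL_FACTOR[c] for c in presented}
    return len(categories) >= 2


OOB_THRESHOLD_USD = 1000.0  # constructed policy: transfers at or above this need OOB approval
CODE_DIGITS = 6


@dataclass
class Transfer:
    tx_id: str
    account: str
    amount_usd: float
    destination: str


def tx_fingerprint(tx):
    """Hash of the exact details the account holder is asked to confirm."""
    data = f"{tx.tx_id}|{tx.account}|{tx.amount_usd:.2f}|{tx.destination}"
    return hashlib.sha256(data.encode()).hexdigest()


class PhoneChannel:
    """Simulated SMS / app-notification channel: one inbox per account."""

    def __init__(self):
        self.inbox = {}

    def deliver(self, account, message):
        self.inbox.setdefault(account, []).append(message)

    def latest_code(self, account):
        return self.inbox[account][-1].rsplit("Code: ", 1)[1]


class BankServer:
    def __init__(self, phone_channel):
        self.phone_channel = phone_channel  # second channel, separate from the web session
        self.pending = {}                   # tx_id -> (code, fingerprint)
        self.approved = []

    def request_transfer(self, tx):
        """Web-channel entry point: returns 'approved' or 'pending_oob'."""
        if tx.amount_usd < OOB_THRESHOLD_USD:
            self.approved.append(tx.tx_id)
            return "approved"
        code = f"{secrets.randbelow(10**CODE_DIGITS):0{CODE_DIGITS}d}"
        self.pending[tx.tx_id] = (code, tx_fingerprint(tx))
        # The message repeats the details so the holder can spot a request they did not make.
        self.phone_channel.deliver(
            tx.account,
            f"Confirm transfer {tx.tx_id} of ${tx.amount_usd:.2f} to {tx.destination}. Code: {code}",
        )
        return "pending_oob"

    def confirm_transfer(self, tx, code):
        """Phone-channel entry point: the code and the transaction details must both match."""
        entry = self.pending.get(tx.tx_id)
        if entry is None:
            return False
        expected_code, expected_fp = entry
        if not hmac.compare_digest(expected_code, code):
            return False
        if not hmac.compare_digest(expected_fp, tx_fingerprint(tx)):
            return False  # details differ from the ones the holder was shown
        del self.pending[tx.tx_id]  # one confirmation, one transfer
        self.approved.append(tx.tx_id)
        return True
```

Binding the code to a fingerprint of the transaction is the detail that makes the second channel worth having: a confirmation only ever approves the amount and destination the account holder saw on their phone, and it is consumed once used.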
The increase in cybercrime necessitates an increase in security measures. Fortunately, the above authentication methods make it much harder for a criminal gang to exploit their targets, which will hopefully save millions per year in lost revenue and productivity.