Digital Banking

Digital Banking

The financial services industry faces huge fraud risks:

  • #1 target for cyberattacks 1
  • #1 target of hackers using phishing to breach security 2
  • 76% of data security breaches are financially motivated 3
  • 82% of data breaches originate from weak username and passwords 4

Impact of banking fraud

Victims of financial fraud can experience short-to-long-term financial loss and the inconvenience of being locked out of their accounts. They also suffer the hassle of applying for reimbursement from their bank once any stolen money has been recovered.

Haventec’s digital banking solution protects customers from theft of their login details via attacks such as phishing, social engineering and shoulder surfing. We prevent account fraud by decentralising authentication data and securing it with single-use encryption keys – so even if some credentials are stolen, they cannot be reused by a hacker.

Fraud prevention with Haventec Authenticate

Haventec Authenticate offers an easy and fast way for digital banking customers to securely access their account/s via their banking app.

The sign-in experience is familiar to the customer as it asks for username and secret. As long as the customer is using an authenticated device the sign-in process is seamless.

Haventec Authenticate employs two main data security methods to prevent digital banking account fraud:

  1. Decentralisation – breaking data into multiple parts and separating those parts across multiple locations
  2. Single-use encryption keys – changing keys and re-encrypting data for every transaction

These methods ensure only an authorised customer with their authenticated device and key can connect to an authenticated domain and access their account.

Even if a criminal manages to capture any part of the customer’s credentials that stolen information cannot be reused, and therefore the following major attacks are prevented:

  • Phishing – fake website never has access to authentication key.
  • Password cracking – Authenticate doesn’t use a password.
  • Shoulder surfing – attacker doesn’t have authenticated device.
  • Social engineering – attacker doesn’t have authenticated device, nor authentication key.
  • Mass Account breaches – two parts of each credentials puzzle are never stored on any system; and new keys are created for each authentication.

[sources: 1. IBM X-Force Threat Index 2018; 2. Infosec Institute Phishing report. 3 & 4 Verizon 2018 Data Breach Investigations Report ]