In many internet related transactions, the person or the user needs to provide authentication information in order to gain access to their financial assets. According to a report published by the Financial Institutions Examination Council, Arlington, USA, “The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties”. It further suggests that, “Financial institutions offering Internet-based products and services to their customers should use effective methods to authenticate the identity of customers using those products and services. The authentication techniques employed by the financial institution should be appropriate to the risks associated with those products and services”.
This brings us to a very important concept in relation to internet banking which is the process of ‘authentication’.
Let us now see what are the authentication methods used in Internet Banking and its limitations?
Authentication in internet banking takes place using three principles or factors and these are,
Based on something the user ‘knows’ Based on something the user ‘has’ Or based on something the user ‘is’
The factor of something known to a person relates to ‘PIN numbers’ or ‘Passwords’ and the factor which is based on something the user ‘has’ makes use of a hardware component such as a smart card, credit card or else another device specifically calibrated to use with the authentication process. The factor which makes use of ‘what the user is’ relates to biometric assessments such as finger print scanning, iris scanning or voice recognition.
In most instances, the authentication process of internet banking makes use of only one modality. Thus, most secure sites uses the basis of ‘something the user knows’. Such authentication processes which make use of only single factor authentication can be less secure than an authentication process which makes use of two or more factors for authentication.
When considering the factors attracting a person to use internet banking may it be its cost effectiveness, flexibility, less time consumption and hassle; with the use of multi factor authentication processes, these attracting features could be lost and thus might not make the internet banking process cost effective for the financial institute as well. Therefore, almost all financial institutes are compelled to use the single factor authentication instead of multi factor authentication.
Thus, the result is inevitable vulnerability as most fraudulent activities are aimed at such single factor authentication processes due to many reasons.