US Court rules a bank can be sued for their failure to adopt multi-factor authentication

Late last month an Illinois District Court ruled a bank can be sued for their failure to adopt multi-factor authentication and concluded the bank breached its duty to protect the Plaintiffs' account against fraudulent access, and if the bank's failure to adopt multi-factor authentication caused fraudulent access to plaintiffs' account, it could be held liable for negligence.

In 2007, a hacker gained access to the plaintiffs' online accounts by using the plaintiffs’ username and password. The hacker ordered a $26,500 advance on the plaintiffs’ home equity line of credit, which was transferred to a bank in Austria. When the theft was discovered and the funds traced, the Austrian bank refused to return the money.

Citizens Bank notified the plaintiffs that it intended to hold them liable for the harm. The online banking agreement between Citizens and the plaintiffs stated "We will have no liability to you for any unauthorized payment or transfer made using your password that occurs before you have notified us of possible unauthorized use and we have had a reasonable opportunity to act on that notice." Citizens billed the plaintiffs for the $26,500, and when failed to pay the balance on time, Citizens reported the account as delinquent to credit bureaus, and threatened to foreclose on their home, if the plaintiffs continued to refuse to make payments.

The plaintiffs sued Citizens, claiming that the bank's actions violated the Fair Credit Reporting Act (15 U.S.C. § 1681, et seq.), the Truth in Lending Act (15 U.S.C. § 1601, et seq.), the Electronic Funds Transfer Act (15 U.S.C. § 1693 et seq.) and constituted common law negligence.

The Court ruled, "In light of Citizens' apparent delay in complying with FFIEC security standards, a reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access[,]" and if the bank's failure to adopt multi-factor authentication caused fraudulent access to plaintiffs' account, it could be held liable for negligence.”

follow the source link for more

NAB tests voiceprint recognition

CUSTOMERS enrolled in National Australia Bank's new voice biometrics system for phone banking may be able to use the same system to authenticate their internet banking activities.

NAB is the first local institution to give customers an opportunity to enrol in a voiceprint recognition system, dispensing with the need to remember PINs and passwords or provide personal information when calling the bank.

NAB direct channels speech program manager Sam Jackel said voiceprints could be used as a second-factor authentication method for internet banking transactions independently verified at present via an SMS message sent to the customer's mobile phone.

Users had to open the message to retrieve a single-use passcode and enter it into the onscreen session, he said.

But, Mr Jackel said, using voiceprints would enable a simple phone call to authenticate the user against the unique voiceprint record.

 

West Interactive Selects PerSay for Voice Biometrics

West Interactive, announced that it has selected PerSay as its technology partner for its hosted voice biometrics offering.

Biometric speaker verification technology uses the power of voice to provide the critical component in an effective multi-factor authentication solution. Like a fingerprint, each person can be identified by the distinct features of his or her vocal characteristics and speaking patterns. Voice verification is the process of comparing a voice sample with a stored, digital voice model, or voiceprint, for the purpose of verifying identity.
[click heading for more]

Will biometrics measure up to the future?

Who could forget the scene from Tsui Hark's 1997 B-movie "Double Team," where an imprisoned Jean-Claude Van Damme scrapes the skin off his index finger, attaches it to an impromptu mechanical contraption and booby-traps it to hit the scanner at precisely the scheduled time each morning, so that his captors don't notice his escape?

Indeed, biometric identification systems are a bit harder to fool than simply getting the password right. And as this technology advances, so do people's concerns over its true effectiveness. 
[click heading for more]

W3C examines the next generation of speech technology

[nik's note:]

The W3C on Tuesday said the next generation of VoiceXML will include specifications for speaker verification.

"Speaker verification and identification is not only the best biometric for securing telephone transactions and communications, it can work seamlessly with speech recognition and speech synthesis in VoiceXML deployments," Ken Rehor, newly elected chairman of the VoiceXML Forum, said in a statement.
The W3C has now completed its desired requirements for VoiceXML 3.0 and expects to have a working draft of the specifications by the end of the first quarter, said James Larson, co-chair of the W3C Voice Browser Working Group.
In addition to the speaker identification requirements for VoiceXML 3.0, the W3C addressed the issue of extending its Speech Synthesis Markup Language (SSML) functionality to certain languages including Mandarin, Japanese and Korean.

[click heading for more]

Biometric security to drive $7.3 billion in five years

A new study by ABI Research concludes that biometric-security applications will account for $7.3 billion of spending in 2013, up from about $3 billion this year. Fingerprint recognition will continue to be the dominant form of biometric identification, but face-, iris-, hand-, and speech-recognition will also play roles. Importantly, the biometric vendor community will benefit as facility operators realize the value of combining multiple types for increased security. [click heading for more]

Can biometrics make banking more secure?

VILLAINS, beware. The fight against online fraud has a new weapon—the panic finger. Banks in Europe and South Africa are testing a device that authenticates online transactions by asking customers to run their fingerprint over a reader. If the print matches a stored copy, the device, which is made by Siemens, a German firm, and AXSionics, a Swiss firm, shows a PIN code that can then confirm the transaction.
Consumers can enrol more than one finger when they start using the scanner. That adds yet another layer of security: worrywarts can set the device to require a concerto’s worth of fingerprints before it gives out the PIN code.
It also allows people to designate a panic finger, for use if fraudsters are forcing customers to use the device. Swipe the said digit across the scanner and the transaction will appear to go through as normal even as the bank is alerted that something fishy is going on. For the truly neurotic, there is yet more reassurance. Criminals who are tempted to hack off customers’ fingers will be disappointed: the scanner has to detect circulating blood to work.

But two big hurdles remain—convenience and cost. Training customers to use something new is never easy. Scanning fingerprints adds time as well as security. And the device is another thing to lose or break. Systems based on voice biometrics look more user-friendly: people already use telephones, and can do so on the move. Voice signatures can also make transactions swifter, by cutting out the need to enter account details.
The economics are an even bigger barrier. The costs of the technology are coming down, but the device is still more expensive than other systems. Creating passwords costs virtually nothing and smart-card readers for use at home are much cheaper too [click heading for more]

Telisma And PerSay Partner For Voice Authentication

Speech recognition provider Telisma and voice biometric company PerSay have announced a partnership in an effort to provide more comprehensive voice solutions for customers. Voice biometric technologies take advantage of the fact that each person's voice is a unique and unobtrusive identifier, like a fingerprint. For contact centers that support banking, telecommunications and other industries, voice biometrics can be a cost-effective way to enhance security and improve customer convenience.

In cases where businesses require what’s known as “triple factor authentication,” voice biometrics can be an important “leg” of the trio, which may also include PIN numbers and a caller’s telephone number identification. [click heading for more]

At Bell, Your Voice Is Your Password

Bell Canada initiated steps late last year to reconcile call center efficiency with customer privacy and security. The carrier recently implemented the Voice Identification Service, powered by PerSay’s VocalPassword technology and Nuance Communications’ automatic speech recognition technologies. This implementation, which offers voice security across Bell’s landline, wireless, Internet, TV, and VoIP customer base, is said to be the largest text-dependent voice biometrics deployment in the world. [click heading for more]