With consumers using variety of mobile devices like smartphones, tablets and netbooks, banks need to ensure security features like two-level authentication to safeguard online transactions, says security software firm Symantec.
"Today's threat landscape requires a multi-layered approach where user identities are authenticated on at least two levels.
"Two-factor authentication is a type of authentication that is based on something a user knows (factor one) plus something the user has (factor two)," Symantec Director (Development) Suhas Prakashkumar told PTI.
In order to access a network, the user must have both factors to retrieve money from a bank account, making the transaction safer, he added.
Recently, the Reserve Bank of India (RBI) said banks need to put in place an additional layer of security for credit and debit card transactions over IVR (phone) in India.
This is further to its instructions in April 2009 to provide additional authentication beyond data available physically on the card for all internet banking transactions.
Also Read
Two-factor authentication often includes a one-time password (OTP), which is sent to the user to his/her registered mobile phone number. This OTP is refreshed after every 30 seconds to ensure further security.
Therefore, even if a hacker has someone's card details, he/she doesn't have access to the handset/ device where OTP is sent, and the transaction will not be completed.
"The RBI has taken cognizance of the continued growth in sophistication of the threat landscape, where attackers are looking to steal confidential information for financial gains," Prakashkumar said.
According to a Symantec report (July-September 2010), 23 per cent of global goods and services advertised on the online underground economy -- worth over $5.3 billion -- involved stolen credit card details.
"As more Indians transact online, it is imperative for businesses -- both banking institutions as well as online retailers using digital medium -- to ensure a level of trust and confidence that customer/user accounts are secure and their data is not exploited," Prakashkumar said.
It is particularly important not only to ensure security, but also demonstrate security since customers first need to trust the site before parting with their information and money, he added.
"This can be done through keeping the consumer informed of the various security measures taking by the bank, providing tips on securing transactions etc," he said.
With banks enabling users to conduct transactions through mobile devices, security of financial information becomes crucial, especially when there are over 700 million mobile subscribers (according to TRAI), Prakashkumar added.