Recent years have seen a tremendous increase in online shopping.
Major e-tailers now offer consumers more options and product selections, in order to remain competitive and capture a share of the online marketplace.
Unfortunately, as consumer activity online has increased, so too have the efforts by cybercriminals to target the uninformed, resulting in massive losses.
Why do cybercriminals succeed?
For the most part, online shopping is actually a very safe activity. It’s individuals themselves, and their Internet and online shopping habits, that make it unsafe. And that is exactly what cybercriminals are relying upon.
They rely on you not knowing how to identify and avoid phishing emails. They rely on you to use weak passwords, or the same username and password for every online account. They rely on you using public Wi-Fi to log into private accounts. Essentially, they rely on you, the consumer, to not follow some very simple, common sense instruction.
And if you don’t they succeed in their efforts, which could potentially cost you much more than the cash in your bank account — it could cost you your identity, subsequently leading to a whole host of financial and personal problems.
What is Multi-Factor Authentication?
MFA is an authentication mechanism that requires more than one distinct authentication factor for successful authentication. The 3 most common factors are knowledge (something you know), possession (something you have), and inherence (something you are). Multi-factor authentication can be performed using a multi-factor authenticator or by a combination of authenticators that provide different factors.
EU requires Multi-Factor Authentication (MFA) for online payments. MFA has been working its way into consumer life for years. To get to your bank account from a new machine, you often have to provide not only a username and password but a numeric code that you receive via a text message or an email. By implementing a requirement of more than one type of authentication, the bank is ensuring that the person logging in is the actual owner of the account and not a possible cybercriminal.
MFA —which up until now has been a best practice, a recommendation and a feature implemented by vendors and financial institutions only when they deemed it necessary—is now a regulated requirement.
When a user attempts to log in to a resource, they are required to authenticate with a primary authenticator, which can be a single-factor or multi-factor authenticator. Entrust IAM evaluates contextual information such as geolocation, behavioral biometrics, velocity, etc., to determine if a second factor or step-up authentication is required.
If the risk level based on the user request, contextual information, and resource being accessed is low then the user is authenticated and granted access. If the risk level is high, then the user can either be denied or required to use a second authenticator to verify their identity before access can be granted.
Click here if you want to know more about Multi-Factor Authentication!