Friday, April 04, 2008

Web2 Finance, Mobiles and Two Factor Authentication

A friend has just had problems with fraud and it got me thinking about two factor authentication and how web2 finance sites such as Mint.com and Wesabe can play a role in making online fraud harder.

The Web2 Financial sites could Email and sms the individual whenever a payment or transaction is done to confirm the transaction before it is committed. Essentially the mobile phone (or email) becomes the second factor of authentication. No need to carry around a separate dongle or bit of hardware in order to make a transaction.

Implementation of this would require the companies to partner with the banks or online payment processors to get the realtime-ness need for the second means of authentication to be effective.

Banks and the payment processors could also do this as well and probably should. I would like to be able to receive an SMS to authorise ATM transactions or when paying by card at a shop prior to being the money being handed over. Not the ultimate solution to card cloning and pin card issues but it would certainly put a crimp in that type of fraud.

Web2 financial services have an advantage over the banks, credit cards and payment processors for the following reasons:

  • Online banking sites suck - badly
  • People often have many bank accounts, credit cards and setting them all up is likely to miss something. As the financial sites already aggregate this information they can act as single point for passing transactions through to authenticate
  • Many online payment processors are merchant focused and never have a relationship with user so can't really send an SMS or email
  • The financial sites are focused on the user while banks, credit cards and payment processors lack this focus
In the end the more services that offer this type of two factor authentication the better for reducing fraud. It isn't going to make it go away (phone and wallet stolen etc) but it can be reduced without having to roll out great numbers of bits of hardware.

Tags: Mint.com, Wesabe, Two Factor Authentication, Mobile, Fraud, Online Payments, Web2