• Products
  • Overview
  • AQA TxDataEngine
  • AQA Synthetic Monitoring Solutions
  • AQA SafeGuard OOB Phone Authentication
  • AQA Code Scan
  • AQA easyNotification System
  • AQA SafeGuard RBA System
  • AQA SafeGuard Enterprise Plug-in
  • AQA SafeGuard Suspicious Transaction Monitoring
  • AQA Contact Center Custom Software and Applications
  •  

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    Home > Products > SafeGuard OOB Phone Authentication
    AQA SafeGuard Out-of-Band Phone Authentication

    SafeGuard      

    OOB_Overview

     

    Out-of-Band Phone Authentication

  • To protect your customer from newly emerging attacks (MITB/MITM/Trojans)
  • To prevent the use of stolen identity or account credentials gained through phishing and other means
  • Most effective security control method
  • Flexible and Extensible Platform consisting of multiple OOB authentication methods
  • To protect your customer from newly emerging attacks (MITB/MITM/Trojans) and to prevent the use of stolen identity or account credentials gained through phishing and other means, an Out-of-Band (OOB) phone authentication through a separate channel is the most effective security control method.

    A real-time phone call provides an easy-to-use method for confirming online banking logins, reset password, online banking enrolment, and high value transactions and suspicious activity.

    If a fund transfer transaction with a high value is initiated, an immediate automated phone call can be sent to the user's registered phone number for verification, for example:

    "Hello! This is ABC Bank calling to verify that you have initiated a fund transfer of $500,000 from an account ending 6757 to an account ending 6534. Please press 1 to confirm, press 2 to deny or press 3 to report a fraud."

    If the transaction is valid, the user simply presses 1 (or followed by a PIN or OTP from the user's web browser) to approve the transaction. If the user does not answer the call or press 2, the transaction is denied or flagged for further review. In addition, the user can report fraudulent transactions by simply pressing 3. The system could lock the IPs where the user initiated the transaction and or this locks their account and sends an instant notification to your fraud team.

    Where to Use OOB?

    OOB provides an easy-to-use method for:

    suspicious activity (based on Risk-Based Authentication)

     

    Benefits of Out-of-Band Authentication

    Most Effective security control


    Superior User Experience


    Significant Cost Savings

    Reduced Help Desk Calls

    Why Dawn InfoTek’s SafeGuard OOB:

    What Makes SafeGuard OOB Different?

    Competitive_Analysis

    Newly Emerging Threats and Definitions

    Crimeware -a term referring to a malicious program downloaded onto a user's device by exploiting vulnerability in the user's browser to attack the online banking system

    Crimeware is classified as follows:

    MITM or MITB attacks from malware and online banking Trojans are now responsible for millions of dollars in fraudulent financial transactions each month.

    Market Research

    How MITB/MITM Attacks Work?

    MITB/MITM attacks are initiated by malicious code running on the user's browser/computer, these attacks can be used to hijack a user's authenticated session without detection by the online banking application or the end user. The user logs in as they normally would with a username and password. If a user selects the secure tokens for login, the user also enters the one-time password via same device of the computer from the token during the login. Once the user is authenticated, so is the attacker. The attacker can initiate new transactions, such as creating fund transfer/wire transfers, and reroute the user's valid transactions to attacker’s accounts. In some cases, the attacker just takes over the user’s authenticated session and displays a message to the end user that the website is currently unavailable.