If you were to ask me about the trends that have emerged over the last six months, I can tell you with hand on heart that nearly every prospect I have spoken to mentions their concern about customer account security. Generally speaking, these are organisations that provide online account access to YOUR very confidential information. These accounts can be banking, pension, webmail, social media, gaming, and other web accounts. The great thing about these online accounts is that they can provide instant access to data that would otherwise be harder (and more expensive) for the customer to obtain. The downside is that, by and large, the security protecting access to these accounts is quite weak.
Remember the ‘old’ phishing email attacks? “Click on this link to reset your password or else your account will be suspended.” Well, some of the oldest confidence tricks in the book have been reinvented with new ways to trick people into revealing their username and password. If you are a gamer, then you have no doubt seen these fraudsters operating in the MMOs (Massively Multiplayer Online games) through in-game chat. They will send you an instant message with a link, “hey check out this cool new level I found”, then you click on the link and you see a very authentic-looking website that prompts you to enter your login credentials before you can access the “really cool new level.” The next thing you know, all your points or gold have been stolen! Then, Gamer Johnny gets very upset and decides to play somewhere else.
If you are an avid social networker, it’s even worse. The amount of malware and simple social engineering used to capture usernames and passwords would make your head spin. Your username and password are the only things standing between you and all of YOUR data getting out into the wild. How many times have you seen status messages from people you know that they did not post?
So, what happens if your username and password do get out in the wild? Well, if the account provider has deployed TeleSign Phone Verification, then you are still safe! Here’s my own personal example. I use a popular webmail provider who has deployed TeleSign Phone Verification. I registered a primary and a secondary phone number with them. Then they sent me an SMS message with a one-time passcode, which I was prompted to enter into the website when I logged in. Once verified, the number was attached to me, and it created a “trust anchor” with my webmail provider. I still use my username and password when I log in from my computer, but if I were to log in from a computer that my provider doesn’t recognise, then they would invoke a verification request. The webmail provider sends a one-time passcode to my mobile, I enter it into the website, and hey presto, I get access. How cool is that?
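
The step-up flow described above, sketched from the provider's side as an added example (it is not TeleSign's or any webmail provider's code). `StepUpVerifier`, the `send_sms` callback, the five-minute passcode lifetime and the three-guess limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed passcode lifetime
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per passcode


class StepUpVerifier:
    """Hypothetical provider-side logic; SMS delivery is delegated to `send_sms`."""

    def __init__(self, send_sms, now=time.time):
        self.send_sms = send_sms
        self.now = now
        self.phones = {}         # user -> verified phone number (the "trust anchor")
        self.known_devices = {}  # user -> set of recognised device ids
        self.pending = {}        # (user, device) -> [otp_hash, expires_at, attempts_left]

    def register(self, user, phone, device_id):
        self.phones[user] = phone
        self.known_devices[user] = {device_id}

    def login(self, user, device_id):
        """Call only after the password check passes. Returns 'ok' or 'otp_required'."""
        if device_id in self.known_devices.get(user, set()):
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not the random module
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[(user, device_id)] = [digest, self.now() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        self.send_sms(self.phones[user], code)
        return "otp_required"

    def verify(self, user, device_id, code):
        entry = self.pending.get((user, device_id))
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self.now() > expires_at or attempts_left <= 0:
            del self.pending[(user, device_id)]  # expired or guessed out: force a new code
            return False
        entry[2] -= 1
        if not hmac.compare_digest(digest, hashlib.sha256(code.encode()).digest()):
            return False
        del self.pending[(user, device_id)]      # one-time: consume on success
        self.known_devices[user].add(device_id)
        return True
```

A stolen password alone gets `otp_required` from an unrecognised device, and the passcode is only sent to the number verified at registration.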