: By T. Kendall "Ken" Hunt, Chairman and CEO of VASCO :
Online fraud cases and fruitful hacking attacks of every description have become commonplace. Every day, new fraud affairs come to light and it is abundantly clear that security is still a weak link. Banks and financial institutions worldwide have already recognized the risks and thus deployed sizeable security infrastructures in order to protect their customers' accounts and avert cybercrime. However, Web companies of all kinds ought to follow suit as security awareness is growing on the score of the heavy mediatized hacking attacks.
Consumer security does not necessarily have to be a stumbling block. With recent hacks and cyber fraud elaborately discussed in the media, the average Internet user nowadays is more and more alert to possible cyber threats and the importance of online security.
In the gaming sector, for example, two-factor authentication has already been established for years. Gaming providers offer their customers the possibility to obtain an authentication device as an optional feature, so that gamers can decide themselves whether they want to add an extra layer of security to their online account. Dedicated gamers availed themselves of the means and now secure their valuable gaming paraphernalia.
Other verticals realize they have to follow soon. Other website owners, too, recognize the opportunity that security can be used as a competitive advantage and that offering their customers peace of mind, may boost customer retention. As authentication solutions have become less cumbersome and more user convenient, the reluctance toward implementing security solutions will dwindle. With the existing offering of hosted authentication solutions, there are even less objections toward integrating two-factor authentication, as the entire authentication process is taken care of. Hence, they can focus on their core business.
Let's take a closer look at IST Shareholder Services an interesting example. This company has had a century-long history of providing stock transfer services for public and private companies. As a full service transfer agent, IST offers a wide range of critical services including shareholder account management, dividend disbursement, board elections, small share buy backs, stock purchase and dividend reinvestment plans.
The shareholder services industry is extremely sensitive and protection-oriented, so security has always been a big part of IST's culture. The firm locks down after-hours access to its office, all garbage is shredded and network systems are tightly managed. Moreover, the industry used to be ruled by paper certificates, but nowadays, online access to shareholder records is the norm, which brings along new security challenges.
That is the reason why IST implemented a cloud authentication platform that provides a convenient and secure login. IST's clients are offered a secure, yet easy-to-use method to access their stock records. They only have to register and download an app onto their mobile device. Then, they simply click on the secure connect button on IST's website, scan the QR code to log on securely. This QR code is verified in the back-end before users are granted access to the IST website. Moreover, there is no longer a need to remember or update passwords, as the unsecure, static passwords are replaced by safe, always-changing one-time passwords.
Bob Pearson, president and CEO of IST, is content with the cloud-based technology: "Boosting security for online records access is a natural fit. Now, IST will be able to offer advanced security to corporate clients, including U.S. banks. Moreover, we now have a competitive advantage, as secure access to shareholder records is unique in the stock transfer industry. I absolutely believe that this online authentication platform is a unique differentiating feature for IST, given our strong reputation for security."
This case shows that strong authentication does not necessarily have to be a big hassle. If security measures are not raised, customers may lose their confidence in the party they do business with, which may have some serious implications. Implementing a two-factor authentication solution, which means that it is protected with one-time passwords, is a possible first step in offering more security and convenience. If a company can guarantee that only the right people can get access to particular applications or business-critical data, it means that it is in its customers' good books.
The ease-of-use and effectiveness of one-time passwords can hardly be denied. OTPs are generated by a hard- or software authentication device that generates an OTP or by an authentication application that can be downloaded on your smartphone. An always-changing password is definitely more secure than a static password, as it can obviously only be used once, so it is useless for hackers to intercept it. Second, OTPs release users of the discomfort of having too many passwords, so they keep the balance between security and convenience. A third advantage is that help desk costs go down drastically. The lion's share of the help desk calls is related to forgotten passwords, which evidently vanishes when OTPs are used. Of course, also the related helpdesk management administration time and costs disappear.
Small companies often lack the knowledge or means to install and maintain a whole security infrastructure themselves. However, the cloud provides an answer to this problem. As everyone knows the triumph of cloud computing can barely be halted. Cost aspects play a central role in the decision-making process for selecting the right solution. Here, the cloud is far ahead: you only pay for the services you actually use. An in-the-cloud solution gives business customers the opportunity to pay per use or per user without bounding in on security level.
Hosted consumer authentication platforms combine high-level security with ultimate user convenience. Consumers can download a free application on their mobile device to securely log on to tens of thousands of business to business and business (B2B) to consumer (B2C) Web applications. The application generates dynamic one-time passwords to securely log on to various websites. As such, dynamic passwords replace highly insecure static passwords and facilitate password management. Consumers no longer need to retain a list of username and password combinations for each website on which they created an account.
Once logged on to the platform, consumers can access every website integrated on the platform with one click of a mouse. The authentication verification process is taken care of in the back-end offering end users the benefits of a single sign-on environment.
An in the cloud two-factor authentication solution can definitely contribute to raise customer trust. Security, convenience and increased customer confidence are picked at random from the various possibilities. This contributes to the customer's pleasant online experience, thus strengthening customer relationships. In short, strong authentication makes a company feel better safe than sorry: it prevents a damaged reputation and guarantees strong customer trust.
Kendall "Ken" Hunt is VASCO's founder, Chairman of the Board and Chief Executive Officer. Hunt has served as Chairman of the Board since the Company's incorporation in 1997, and currently serves a one-year term. He was VASCO's Chief Executive Officer from 1997 through 1999 and returned as CEO in November 2002. He serves, or has served, on several Advisory Boards at prestigious universities, including the University of Miami Board of Trustees, the President's Council, the Board of Overseers for Miami's School of Business, and the MMM Dual Graduate Degree Program for Northwestern University's Kellogg School of Management, and McCormick School of Engineering and Applied Science. He was recently named by Illinois Governor Pat Quinn to the newly-formed Illinois Innovation Council.