• Pages

    • Recent Articles

    Links

    Small Business Banking Security

    This morning in my Google alerts, I found this blogposting. We don’t actively pursue the online-banking authentication market as it is saturated with competitiors and not really a good place for innovation.

    Instead, we  focus on helping smaller sized organisations secure their login points. One of the ways we do this is by recognising that SMBs like to use SaaS applications, but they want stronger security at login. So we created our Google Apps and Salesforce.com adaptors. Problem solved.

    So whilst I was reading the blog entry, I had an idea. Part of the article says:

    Avivah Litan, a financial fraud analyst with Gartner Inc., said unauthorized wire transfers disproportionately impact small to medium sized businesses that may be using online banking but do not have the same stringent financial controls in place at many larger corporations. “

    Which makes sense. Less financial controls makes it harder to know if an SMB has been a victim of theft from their account.

    Perhaps the delegated authentication model, very similar to that of Salesforce or Google Apps is one that could work for online banking.

    I know that there is all sorts of vaporware about federation and internet SSO for financial transactions, but a facility where a banking customer could choose their own identity provider, might work for everyone. Here’s why:

    1.  It removes the authentication process monoculture that currently makes it so easy for bad guys to write automated attacks for online banking
    2. SMBs can actively manage their risk by choosing to spend a little bit, or a lot on their authentication processes
    3. Banks can stop being IT security houses (which they don’t want to be, and aren’t very good at)
    4. The Internet SSO movement would get a significant shot in the arm

    Ok, I know there are all sorts of problems with something like this. But it is an interesting thing to think about. If anyone out on the tubes has any ideas around this, or even is a customer of a bank they consider to be a bit innovative, let us know.

    I can’t promise anything, but it is food for thought.

    Leave a Reply