Forbes recently published an interesting story "The Two-Way Peephole". The article covers what banks and brokerages are doing to reduce their hits from phishing and other forms of malware attacks.
What I found interesting was the end of the article. There it describes what I call "transaction authentication" software being used at ING Direct. "When you log in to ING Direct, its fraud-detection system silently takes your computer's fingerprint, examining 40 attributes such as operating system, browser plug-ins and display settings, and compares them against an encrypted list of machines you've registered in advance. If your password is correct but your fingerprint doesn't match and you can't answer two advanced questions, you'll be asked to phone customer service. If you pass, you see a prearranged picture of, say, a dog, so you know the bank site is real. Theoretically, however, a thief could sign up for an account, download the image of pansies and use it to set up his own phishing site mimicking a bank site."
Now that's what I see as the future for most enterprise systems in the future. As non-financial enterprises get hit more from malware attacks, they will slowly come to the conclusion that transaction authentication is warranted, especially for enterprise crown jewels.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
del.icio.us