How Secure is Your Mobile and Web Banking Account?
Do you have a mobile or web-banking account? Is a password the only security measure between you and a cyber-criminal? If you answered yes to the second question, then there is a serious problem that we need to solve in this blog. We are going to learn about two-factor authentication in credit card fraud prevention.
A password is not as strong as you may think. Scammers use different ways to crack or steal a password. For example, with the help of keyloggers and phony sites, fraudsters can obtain a password. Many internet users also use the same password over and over. I discouraged this habit in my post on ways to prevent credit card fraud.
Statistics reveal that up to 46% of users have a password that is at least five years old. Additionally, approximately 64% of internet users have had their accounts compromised at one point. Approximately three billion usernames and passwords were stolen in 2016 alone. So if you are not using two-factor authentication on your accounts, I would say it is pretty lame (sorry).
What is two-factor authentication?
Two-factor authentication, often abbreviated as 2FA, is a method of verifying the identity of a person using two different components, for example a password and a One Time Password (OTP) sent to the person's phone number. 2FA is very effective in securing an account because it is hard for a cyber thief to gain access to both your password and the mobile device needed for verification.
How 2FA Works
After you enter your login information and press the button to log in, you are required to enter an OTP that the service provider sends to a phone registered to your account. For example, when you log in to your bank account, the bank will send an OTP to the phone number registered with the bank. You will then be required to enter the OTP to successfully log in or complete a transaction.
Is 2FA 100% secure? The answer to this is no. Scammers run authentication scams to try to get the OTP from a user. For example, I (as a scammer who has your login details) would attempt to log in, then call your number and trick you into giving me the OTP. I could pose as your bank's customer service and give a pretext like, “We noticed your number is no longer active, so we have sent an OTP to you to verify that you still use the number. Please verify whether you received it by telling us the six-digit number you see in the message.” If you fall for my pretext and provide the OTP, then I would gain access to your account.
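The OTP step described above, seen from the bank's side, as an added example that is not code from this blog or from any bank. The class name `OtpService`, the `send_sms` callback, the five-minute validity window and the three-guess limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window
MAX_ATTEMPTS = 3       # assumed limit on guesses per code


class OtpService:
    """In-memory sketch of the OTP step; all names here are hypothetical."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms  # assumed SMS gateway: callable(phone, text)
        self._clock = clock
        self._pending = {}         # account -> outstanding challenge

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def start_login(self, account, registered_phone):
        """Call only after the password check has passed."""
        code = f"{secrets.randbelow(10**6):06d}"  # six digits from a CSPRNG
        salt = secrets.token_bytes(16)
        self._pending[account] = {
            "salt": salt,
            "digest": self._digest(salt, code),  # plaintext code is not stored
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        # The code goes only to the phone on file, never to a number typed at login.
        self._send_sms(registered_phone,
                       f"Your login code is {code}. We will never call to ask for it.")

    def verify(self, account, submitted):
        rec = self._pending.get(account)
        if rec is None:
            return False
        if self._clock() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[account]  # expired or guessed too often
            return False
        rec["attempts"] += 1
        ok = hmac.compare_digest(rec["digest"], self._digest(rec["salt"], submitted))
        if ok:
            del self._pending[account]  # one-time: the same code cannot be replayed
        return ok
```

Expiry, single use and the guess limit shrink the window in which a stolen code is useful, but none of them helps if the account holder reads a fresh code to a caller, which is why the message text itself carries the warning.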
How to be 100% Secure
- Set up 2FA on your account.
- Ignore all OTP messages for transactions you did not initiate or request.
- If anyone calls or messages you requesting an OTP, do not entertain them, irrespective of how genuine they sound.
- Contact your bank when you lose your phone or card so it can temporarily suspend activity on your account.
Thank you for reading my blog. In the next few blogs in this series, I will walk you through how to set up 2FA for different banking companies in the US and UK. If you have a question, I am always available through firstname.lastname@example.org. You can also post any concerns in the comments section below. Share the post to protect your loved ones who may not know about 2FA yet.