Asignio: Phishing resistant SMS Biometrics
“(We have received a potentially fraudulent) registration attempt. If this was not you, please press 1.
For security and so we can block this request, we’ll need to confirm your identity. Please key the six digit code we’ve sent you. When you’re finished, please press pound.
Now key in your banking PIN. This would be the 4 digit PIN that you set up when you registered. When you’re finished, please press pound.
Great. We’ve blocked this request and your account is now secure. If a payment has already left your account, no need to worry. It will automatically be refunded back to you within 24 to 48 hours. You do not have to do anything.
For further help you can visit the help section on your visa internet banking. Alternatively, you can visit action fraud at www.actionfraud.com/bankingsupport to find community articles on how to keep your account safe.
You can now hang up.”
The above is a sophisticated attempt at phishing perpetrated by a bot (it can be found here if you want to listen to the video: https://www.youtube.com/watch?v=GNXhHAh67DQ&ab_channel=CyberNews ). Phishing is a major problem and a large component in the growth of fraud. These bots can be easily acquired on the dark web and can easily get around security mechanisms financial institutions put up to protect their customers.
The last two years have seen a significant movement to digital transactions and with that an increase in needs for multi-factor authentication. Passwords are not enough, and customers are frustrated with the 100+ username/password combos they are supposed to remember. The most common second factor of authentication that companies are moving to is text-message based one-time passcodes (SMS OTPs). However, SMS OTPs are extremely vulnerable to phishing, especially sophisticated attacks like shown above.
In order to protect your customers, Asignio has developed a dual-biometric authentication system that works on the same rails as SMS OTPs, the Asignio SMS Biometric. Instead of transcribing a six-digit code, the customer clicks a link and authenticates with handwriting recognition and passive facial verification. Asignio’s dual biometric platform is fast and easy to use, works across all the customer’s devices, is phishing resistant, and very secure.