Multi-factor authentication is critical

Issue 7 2021 Cyber Security

South African companies have responded admirably to the challenges of doing business in a pandemic with many accelerating their digital strategies and opening new channels for consumer engagement. Unfortunately, bad actors have also adapted exceedingly well, taking advantage of loopholes across different channels and using the opportunity to access poorly secured data. And, while business leaders have been focused on securing transactional data, in the longer term, compromised personal information can result in just as much damage as a breached bank account.

Wessel Matthee.

According to a Microsoft report, global consumers use an average of between three and five customer service channels when engaging with a brand. Securing each channel in the most appropriate way, that doesn’t inject too much friction into the user journey, while still providing sufficient security – even for non-financial data – is a growing challenge for global businesses. As PoPIA takes effect, this takes on an added complexity for local organisations.

In South Africa we don’t just have to secure our own information, companies must also ensure that they are monitoring their partners and conducting due diligence. Unfortunately, around 90 to 95% of companies don’t conduct this due diligence, leaving them vulnerable should a breach occur. Even if it was a third party that was breached, the company whose personal information was compromised will still be held accountable. Simple username and password access protocols are no longer enough when it comes to protecting data, even non-financial data.

While mobile network operators and financial service companies have applied authentication protocols for some time, when it comes to other sectors such as healthcare providers, this is often overlooked.

We love to share and it’s costing us dearly

South Africans are a friendly people. We love to share our triumphs and misfortunes and social media has given us the perfect platform to do this. The problem arises when we share information without thinking and that information falls into the wrong hands and is combined with data from compromised sites.

We have to understand that non-financial data is also valuable and can be ‘weaponised’ by fraudsters. Many organisations rely on knowledge-based authentication like security questions for access to their systems. For example, if a customer calls their bank or insurance company, the company has to make sure they are talking to the actual customer. To confirm this, they usually ask security questions, like your address or date of birth. The same is often true for access to online systems. But much of that information is already out there – either on social media or via a breach, making it very easy for fraudsters to impersonate a legitimate customer.

To mitigate this risk, it is vital that we become a lot more circumspect about what we share on social media. But it is also vital that all companies which hold personal information, such as medical aids, hospitals, legal firms and others make use of appropriate authentication.

The one sector which is significantly at risk is telecommunications and MNOs in particular. This was highlighted recently in the chaos surrounding the T-Mobile breach where 40 million customers had personal information stolen.

If you breach an MNO you have access to a multitude of valuable data. You have access to personal information and you can steal payment information as well as security information. The fallout from this could be very costly.

Customers have lost trust and want more control

The spike in data breaches over recent years has given many customers reason to be mistrustful of how their information is stored and protected. In fact, research shows that consumers' attitudes to a ‘friction-free’ experience may be changing and they would now prefer to verify transactions before funds leave their account. While this attitude is more prevalent with older customers, it is still a fairly contrarian position and shows just how guarded we have become when it comes to trusting brands to protect our data.

The growing pressure to secure non-financial data, not only as a result of PoPIA, but also due to the increasing expectations from the general public has resulted in a significant spike in interest in authentication solutions.

We have seen a 50% spike in enquiries from non-financial companies in the last year. The healthcare sector in particular is waking up to just how at risk they could be if they can’t show they have taken all reasonable precautions to safeguard personal information. The need for excellent multi-factor authentication is even more important when companies begin participating in ecosystems and exchanging data with third parties. Passwords and knowledge-based questions will not cut it and companies found wanting will have a hard time trying to convince a judge they had done enough, should they be breached. Not to mention the catastrophic loss of trust from their customers, which in today’s world is a currency all of its own.

About Entersekt

Entersekt is a leading provider of strong device identity and customer authentication software. Financial institutions and other large enterprises in countries across the globe rely on its multi-patented technology to communicate with their clients securely, protect them from fraud and serve them convenient new experiences irrespective of the channel or device in use. They have repeatedly credited the Entersekt Secure Platform with helping to drive adoption, deepen engagement and open opportunities for growth, all while meeting their compliance obligations with confidence.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Intelligently adapting African cities for a better as well as a safer life
Government and Parastatal (Industry) Cyber Security
Smart buildings and cities therefore require as much a security-centric approach as they do an environmentally sustainable one.

Smart city, smarter security
Government and Parastatal (Industry) Cyber Security
Henk Olivier, MD of Ozone Information Technology Distribution, unpacks the importance of smart and secure in the city of the future.

Tackling cyber threats in the post-pandemic era
Cyber Security
Cybercrime costs are expected to increase by 15% each year over the next five years, reaching US$ 10,5 trillion by 2025.

Cybersecurity for the board of directors
Editor's Choice Cyber Security
Bike-shedding is a common distraction in boardrooms, especially when discussing issues board members are responsible for, but don’t understand – like cybersecurity.

Make connected home security as easy as plugging in a router
Cyber Security IT infrastructure
Service providers can now deploy gateway security services for the entire home in weeks, not months.

Changing cybersecurity in South Africa
News Cyber Security
NEC XON plans to change cybersecurity solutions in South Africa, helping customers balance risk management and cybersecurity investment, transform capex to opex and automate activities to reduce costs through managed security services.

Cybersecurity for operational technology: Part 3
Cyber Security Industrial (Industry)
According to a recent World Economic Report, the Covid-19 pandemic has increased our reliance on the global supply chain, while the Internet has accelerated the digitisation of business processes.

App-less authentication offers business, security benefits
Cyber Security
GSM authentication offers an app-less, truly out-of-band, secondary factor that is both low friction and simple to implement for companies looking to protect all customers against fraud.

Cloud can cut your security risks
Cyber Security
Todd Schoeman, BT client business director in South Africa, explores the ways that organisations can reduce security risk by using the cloud.

Combating fraud in the digital world with the support of AI
Cyber Security
With technology evolving and people embracing the likes of mobile wallets, banking apps and other solutions to manage transactions, businesses must rethink how best to bolster anti-fraud mechanisms.