Security in Internet banking is to be revolutionised with the launch of a new service which will generate a unique session-linked, dynamic password for each Internet banking user, which will only be accessible through that individual`s cellular telephone.
"This creates a whole new level of Internet security," says Clinton Browne, technical director at SMS corporate solution specialist Mobile Internet Gateway (MIG), which has developed the solution, known as MIGSecure, in SA.
"At present, when a user logs onto their Internet banking site, they are asked for a password and their user name. Once these two static codes are entered, the user has full access to that account, and can transfer funds or any other transaction," said Browne.
This relatively easy access to a personal or business banking account has always carried with it the risk of interception by malicious persons, as all that is needed is the static username and password combination.
"With the MIGSecure SMS system, a user will have previously entered their cellphone number into their account details when updating or registering for an Internet banking service," said Browne. When a user logs into an Internet banking site using the MIGSecure SMS system, they are first asked for the static username and password. Once entered correctly, they are not taken to the banking account, but to a second screen which issues them with a unique session number.
Simultaneously, a SMS is sent to their cellphone, with a unique dynamic password which is only valid for that particular session and which must be entered within a limited defined time span.
"Only by using the unique dynamic password delivered on their cell phone, combined with the session number allocated over the second Internet page, can users finally enter their online account," said Browne.
The secret to the system`s success is not only the double layer of security - a hacker needs a user`s cellphone and all the passwords - but also the speed in which the service is delivered. The SMS message is delivered within 20 seconds of first accessing the site.
"There is no significant time lag in the security process, unlike other security layers which can eat away at online time," added Browne. Another advantage the MIGSecure system has over more conventional security systems is that it leverages off existing hardware, from both the supplier and end-user side.
"No one needs to buy encryption or decryption devices, or any other hardware than what they already have," said Browne, pointing out that market profiling has shown that Internet banking users are most likely to have cellphones as well.
It is also a form of security alert. An account holder will be notified instantly via SMS if anyone is trying to gain unauthorised to a bank account, Browne said. "It can even be used as a last line of defence against the dreaded Nigerian 419 scams."
Finally, Browne said, the MIGSecure system can be used for not only banking sites, but for any Web transaction or database access where confidential or paid-for information is housed, opening up the application spread to far wider than just the financial sector. "The huge range of applications can be viewed at our Web site, www.mig.co.za," concluded Browne.
Share
Established in 1999, MIG has grown up with the SMS industry, and our founding partners all have many years` experience in creating and developing messaging technology and are communication specialists.
Editorial contacts