The Authentication Challenge

Static Passwords are Rubbish! From a customer perspective, they are an annoyance: another piece of information to be remembered, frequently forgotten, with valuable time wasted getting the password reset. Due to the rise of phishing, and its friends smishing and twishing, fraudsters are able to very effectively get whatever other pieces of information are needed to reset the password to one of their choosing so they add [Read More]

Initial Thoughts on the EBA's RTS for Strong Customer Authentication

Introduction On 23 February 2017, the European Banking Authority published their long-awaited Regulatory Technical Standards (RTS) for Strong Customer Authentication (SCA) and Common & Secure Communication (CSC). PaymentsUK – a trade association for Financial Institutions operating in the UK – has a good summary of the goals behind this EU legislation. At a high-level, the goals of PSD2 are to improve the consumer experience of the banking sector by promoting competition, [Read More]

Researchers Use Wi-Fi to Detect Phone PINs

This is very clever research. The team were able to use a $25 device to detect hand motions, and use those to infer phone unlock passcodes, from accurately detecting Wi-Fi interference. Initially the system had a success rate of 62% but that increased to 83% once researchers trained the system on specific characteristics of different devices. ABSTRACT In this study, we present WindTalker, a novel and practical keystroke inference framework [Read More]

Apple Pay on the Web

Today, Apple expanded the reach of Apple Pay to the web. Later this year, websites will be able to enable a ‘Buy with Apple Pay’ button on checkout screens. This will be supported in the mobile and desktop versions of the Safari web browser on Mac and iOS devices running iOS 10. Merchant Implementation For merchants, the implementation looks very straightforward; there are some JavaScript function calls to implement and [Read More]

Smartphone by Default: A Qualitative Research Report from OFCOM

Government Agencies seem to have an unlimited ability to bury excellent content inside documents with the very driest of names. This marvellous report from OFCOM is a great example of such behaviour. This report summarises the findings of a number of in-depth interviews with a wide cross-section of the UK public on their smartphone usage. I would urge you to read the entire report but, for my day job, a [Read More]

Visa's Infographic on Risk-Based Authentication for 3-D Secure

Increase e-commerce sales with frictionless Verified by Visa Risk-based Verified by Visa is the best frictionless authentication solution for e/m-commerce. RBA reduces abandonment rates by 70% compared to previous VbV solutions A great infographic from Visa highlighting the hugely positive impact of moving to a risk-based authentication approach for 3-D Secure. With the sophistication of today’s fraud detection, there really is no need to challenge every transaction; particularly given [Read More]

UK Government Digital Service on Identity Proofing & Verification

GOV.UK Verify doesn’t just use open standards – we have helped set the standards for identity proofing and verification and online authentication for UK government digital services. These documents are jointly published by the Cabinet Office and CESG, the National Technical Authority for Information Assurance. All the certified companies are required to meet those standards, and have to be independently certified to confirm that they do. The good practice [Read More]

Discovery of the World’s First Keylogger

A fascinating write-up of the discovery of what appears to be the first known use of a key-logger in 1984 within the US Embassy in Moscow. The Selectric Bug was a sophisticated digital eavesdropping device, developed in the mid-1970s by the Soviet Union (USSR). It was built inside IBM Selectric II and III typewriters [4] and was virtually invisible and undetectable. A total of 16 devices were found inside typewriters [Read More]

Untangling the Tale of Ada Lovelace

A wonderful biography of Ada Lovelace to celebrate the 200th anniversary of her birth. Renowned scientist Stephen Wolfram dives into the relationship that gave birth to the age of computers Source: Untangling the Tale of Ada Lovelace — Backchannel — Medium As a computer scientist, it is fascinating to better understand the connection between many of the preeminent people of the era who influenced her life, including: Lord Byron (Ada’s father) [Read More]