In an effort to combat growing security risks throughout banks and other sensitive institutions, one bank in Greensboro, N.C. turned to an out-of-band authentication method, which verifies users through a channel other than the user’s regular login.
The $711 million-asset Carolina Bank began looking for better IT security when growth led to an increase in remote workers who required external access. The company’s Citrix and Outlook Web Access systems were particularly vulnerable, but the CEO and IT department feared that more security would make the login process too cumbersome for most employees.
However, the bank was able to solve this problem by using an SMS-based authentication technology, which works directly with a user’s cell phone to deliver a unique, time-sensitive password for logging in.
The large data breach reported by JPMorgan Chase & Co. last summer is a good example of what motivates this preemptive technology. Eighty-three million customer records were compromised when a hacker was able to gain access through a computer being used by an employee working from their home office.
Carolina Bank’s CEO Bob Braswell said this was not the only reason the bank needed to beef up its security.
“We don’t know enough to know what our biggest worry is,” he said. “There’s a 15-year-old kid in Iowa somewhere who’s trying to hack into us. That’s our biggest worry.”
The improved authentication process uses a text-message passcode sent directly to a user’s phone. The passcode is good for two minutes; after that, the user has to begin again. This protection limits an intruder’s ability to save the passcode or pass it off to someone else.
There are other security features, including geofencing and adaptive authentication. People outside Carolina Bank’s market, who would have little reason to gain access, can be denied or strictly monitored. The adaptive technology is able to maintain further levels of security by tracking logins from multiple devices.
One distinct shortcoming is that users will need their phone on hand to log in. Additionally, each company has to ensure that employee numbers are the only numbers being granted access to the authentication software. Should an ill-intentioned outsider gain access this way, the technology would grant the outsider’s mobile device the same privileges as a genuine employee’s.
Despite these drawbacks, Carolina Bank reports no problems thus far. It has been well received, according to Braswell.
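The two-minute passcode and the enrolled-numbers requirement described above can be sketched as server-side logic. This is an added example, not code from the bank or its vendor; `SmsOtpService`, the `send_sms` callable, the six-digit code length and the `MAX_ATTEMPTS` retry limit are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 120   # the two-minute validity window the article describes
MAX_ATTEMPTS = 3    # assumption: the article gives no retry limit


class SmsOtpService:
    """Issues and checks one-time SMS passcodes for enrolled users only."""

    def __init__(self, enrolled, send_sms, clock=time.time):
        self._enrolled = dict(enrolled)      # user -> vetted employee phone number
        self._send_sms = send_sms            # hypothetical SMS gateway callable
        self._clock = clock
        self._key = secrets.token_bytes(32)  # keys the stored digests
        self._pending = {}                   # user -> [digest, expires_at, tries_left]

    def _digest(self, user, code):
        return hmac.new(self._key, f"{user}:{code}".encode(), hashlib.sha256).digest()

    def start_login(self, user):
        phone = self._enrolled.get(user)
        if phone is None:                    # number was never enrolled: send nothing
            return False
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, six digits
        self._pending[user] = [self._digest(user, code),
                               self._clock() + TTL_SECONDS, MAX_ATTEMPTS]
        self._send_sms(phone, code)
        return True

    def verify(self, user, code):
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, tries_left = entry
        if self._clock() > expires_at or tries_left <= 0:
            del self._pending[user]          # expired or locked: user must begin again
            return False
        if hmac.compare_digest(digest, self._digest(user, code)):
            del self._pending[user]          # single use: a replayed code fails
            return True
        entry[2] -= 1                        # count the wrong guess
        return False
```

Only a keyed digest of each code is held in memory, so a dump of the pending table does not reveal live passcodes.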