Within one month of demonstrating the pitfalls of mobile banking deployment and enrollment a major UK bank becomes a high-profile victim
LONDON, Oct. 16, 2012 /PRNewswire/ -- ValidSoft (http://www.validsoft.com), a global supplier of advanced telecommunications-based fraud prevention, authentication and transaction verification solutions, and a wholly owned subsidiary of Elephant Talk Communications, Corp. (NYSE: ETAK) formerly (NYSE Amex: ETAK), announced that its successful participation in Finovate Fall, NYC, and the live solution it showcased in how to securely initialize a mobile based app, has been proven correct, unfortunately at the expense of a real bank and its customers.
ValidSoft demonstrated their SMART (Secure Mobile Architecture for Real-time Transactions) platform, using just a single example of how to initialize a downloaded banking app, including turning the smart-phone into a two-factor authentication device capable of encrypted end-point tunneling. (To see the ValidSoft demo: http://www.finovate.com/fall12vid/validsoft.html).
Pat Carroll, ValidSoft CEO, commented: "In this particular case, these breaches therefore had nothing to do with the medium being a smart-phone but everything to do with the process employed in deploying and activating the app. There is no real difference between this and Internet banking losses through reliance on PINs and passwords alone. In this and other instances that will surely follow, we need to look at the end-to-end process rather than casting a shadow over mobile banking in general."
SMART is predicated on an increasing number of financial transactions migrating to the smart-phone and being executed over mobile and public data networks. Not only is the phone the medium for transacting, it should also be the medium for securing the transactions, using out-of-band and in-band techniques incorporating a multi-layer combination of visible and invisible checks, yet user-friendly.
The key, and the critical point of exposure with many mobile apps, as pointed out by ValidSoft, is in the actual initialization/enrollment process itself; i.e. knowing who is initializing the App. At Finovate Fall 2012, ValidSoft used a multi-layer security solution based on telephony generated Out-of-Band call which incorporated a Biometric Voice Verification and other invisible checks, providing the ultimate in strong authentication, but in a very user-friendly manner. In the absence of a strong enrollment process, any subsequent authentication process is subject to compromise.
As a testimony to this approach, and also as an ominous warning to other institutions, one of the largest UK banks recently announced the suspension of its high-profile mobile app, a product that allowed users to withdraw money from ATMs using a six digit code generated by the app, with no card required. The UK bank has acknowledged that fraud is behind the decision.
Despite much speculation on how the fraud occurred, including some assertions that there are inherent weaknesses with smart-phone based apps, the reality is far simpler. The app could be downloaded and initialized by anybody with access to a customer's details and card number, which is information routinely gathered by fraudsters.
ABOUT ValidSoft
ValidSoft Limited has been a wholly owned subsidiary of Elephant Talk since early 2010 and underpins the mobile/cloud security offerings of the Group. The company is a market leader in providing solutions to counter electronic fraud relating to mobile, internet, card, and telephone channels. ValidSoft's solutions are used to verify the authenticity of both parties to a transaction (Mutual Authentication), the security of the relevant telecommunication channel used (Secure Communications), and the integrity of transactions itself (Transaction Verification) for the mass market, in a highly cost effective and secure manner while being very easy to use.
The company counts several leading worldwide service providers and institutions amongst its customers. These companies benefit from a very substantial reduction in false positives, thereby freeing up resources to combat actual fraud, as well as a substantial elimination of the fraud itself, all in real time. ValidSoft is the only security software company in the world that has been granted two European Privacy Seals. Visit http://www.validsoft.com.
ABOUT Elephant Talk Communications
Elephant Talk Communications, Corp. (NYSE: ETAK), formerly (NYSE Amex: ETAK) is a leading international provider of mobile networking software and services. The Company's mission is to provide a single service, fully enabling and securing the mobile cloud.
Elephant Talk empowers Mobile Network Operators (MNOs) and Mobile Virtual Network Operators (MVNOs) by providing a cloud based mobile communications infrastructure, operating software and managed services, based mostly on company developed and owned software. We enable these Mobile Operators and Virtual Network Operators by offering a full suite of products, delivery platforms, support services, superior industry expertise and high quality customer service without substantial upfront investment.
As a specialized outsourcing partner, we provide operating software, managed services, cloud and SaaS solutions, an integrated transaction and delivery platform to the mobile telecommunications industry globally. Our products include remote health care, credit card fraud prevention, mobile internet ID security, secure remote file access management, loyalty and transaction management services and a whole range of other emerging mobile services.
Elephant Talk can count several of the world's leading Mobile Operators amongst their customers including Vodafone, T-Mobile and Zain, and virtually all business is focused on tier 1 operators worldwide. Visit http://www.elephanttalk.com.
Forward-Looking Statements
Certain statements contained herein constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Such statements may include, without limitation, statements with respect to the Company's plans and objectives, projections, expectations and intentions. These forward-looking statements are based on current expectations, estimates and projections about the Company's industry, management's beliefs and certain assumptions made by management. Readers are cautioned that any such forward-looking statements are not guarantees of future performance and are subject to certain risks, uncertainties and assumptions that are difficult to predict. Because such statements involve risks and uncertainties, the actual results and performance of the Company may differ materially from the results expressed or implied by such forward-looking statements. Given these uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements. Unless otherwise required by law, the Company also disclaims any obligation to update its view of any such risks or uncertainties or to announce publicly the result of any revisions to the forward-looking statements made here. Additional information concerning certain risks and uncertainties that could cause actual results to differ materially from that projected or suggested is contained in the Company's filings with the Securities and Exchange Commission (SEC), copies of which are available from the SEC or may be obtained upon request from the Company.