Oct. 16, 2012
/PRNewswire/ -- ValidSoft (
), a global supplier of advanced telecommunications-based fraud prevention, authentication and transaction verification solutions, and a wholly owned subsidiary of Elephant Talk Communications, Corp. (NYSE: ETAK) formerly (NYSE Amex: ETAK), announced that its successful participation in Finovate Fall, NYC, and the live solution it showcased in how to securely initialize a mobile based app, has been proven correct, unfortunately at the expense of a real bank and its customers.
ValidSoft demonstrated their SMART (Secure Mobile Architecture for Real-time Transactions) platform, using just a single example of how to initialize a downloaded banking app, including turning the smart-phone into a two-factor authentication device capable of encrypted end-point tunneling. (To see the ValidSoft demo:
, ValidSoft CEO, commented: "In this particular case, these breaches therefore had nothing to do with the medium being a smart-phone but everything to do with the process employed in deploying and activating the app. There is no real difference between this and Internet banking losses through reliance on PINs and passwords alone. In this and other instances that will surely follow, we need to look at the end-to-end process rather than casting a shadow over mobile banking in general."
SMART is predicated on an increasing number of financial transactions migrating to the smart-phone and being executed over mobile and public data networks. Not only is the phone the medium for transacting, it should also be the medium for securing the transactions, using out-of-band and in-band techniques incorporating a multi-layer combination of visible and invisible checks, yet user-friendly.
The key, and the critical point of exposure with many mobile apps, as pointed out by ValidSoft, is in the actual initialization/enrollment process itself; i.e. knowing who is initializing the App. At Finovate Fall 2012, ValidSoft used a multi-layer security solution based on telephony generated Out-of-Band call which incorporated a Biometric Voice Verification and other invisible checks, providing the ultimate in strong authentication, but in a very user-friendly manner. In the absence of a strong enrollment process, any subsequent authentication process is subject to compromise.