Our Path To Strong Consumer Authentication Regulation

By   Information Security Buzz Editorial Staff
Chief Editor , Information Security Buzz | Apr 23, 2015 05:50 pm PST

Recently, Obama issued an executive order that places economic sanctions on individuals or group cyber attackers that aim to threaten US national security or economic activity. The order comes on the heels of a momentous year for malicious cyber crime—A report by PricewaterhouseCoopers found that the number of detected cyber attacks skyrocketed in 2014—up 48% from 2013. The average annualized cost of cyber crime came to $12.7 million for US private companies in 2014, according to a Ponemon study.

In addition to the order, the President has also proposed US legislation to Congress that would increase protection for consumers online. The proposal covers both cyber security and privacy, involving the modernization technology tools to combat cyber threats and promote information sharing across the private sector and government. The initiative to upgrade and innovate security technologies couldn’t come at a better time, given nearly 70% of organizations no longer believe the traditional username/password approach is an effective security firewall.

The US government involvement in combatting cyber crime follows actions already taken in Europe, with the EU Data Protection Rules designed to protect the flow of personal data within the region and extend protection across new technology developments like social networks and cloud computing.  Additionally, in December 2014, the European Banking Authority  (EBA) issued new comply-or-justify guidelines to implement a more secure online framework and protect online payment transactions from fraud. The guidelines require all online transactions to have “strong customer authentication” in place by August 1, 2015. In this situation, “strong customer authentication” is defined as at least two-factor authentication. Similarly, Obama’s executive order and proposed legislation echoes that of Europe, to ultimately help ensure “the Internet remains an enabler of global commerce and innovation.”

From a global perspective, governments are realizing the significant need to get involved and crack down on cyber crime. The US is tackling the issue with offensive tactics—going after cyber criminals with sanctions—while the EU is playing defense, securing up their online infrastructure. The involvement of government serves as a precursor to a more regulated cyber security environment in an effort to stave off breaches and protect government data, the private sector and consumer identities. As the mobile market continues to dominate, phone-based authentication will become the go-to solution for both governments and private companies to protect their users given its trifecta of benefits: cost effective, secure and universally accessible. We’ll likely see the security method make its way into regional legislation in the coming months as the frequency and impact of security breaches continue to escalate.

By Thorsten Trapp, Cofounder and CTO of Tyntec

BIO: Thorsten Trapp is the co-founder and CTO of Tyntec. He is a highly regarded mobile industry expert with over 20 years’ experience in the space.