The trigger for this
thought is this article Economic
Times article
It seems the speakers at
the Meet, have a very strong mindset to blame the bankers especially
bankers associated with ATM Operations for the fake notes menace.
Maybe the Speakers have
not read this article Security
Features of Indian Notes
The aim of this article
is not to explain what is 1FA(factor authentication) or 2FA(factor
authentication) or 3FA(factor authentication) but to analyze the
pros and cons of 3FA(factor authentication)
3FA(factor
authentication), in simple terms is the verification of the 'User's
request' by three separate steps to conform that the 'request' has
been raised by the correct user only and not by any 3rd
party.
3FA is not 100% secure,
but 99.9999% secure. Nothing in this world is 100% secure.
ATM's in India,
currently have 2FA I.e 'something which a user has – ATM card' and
'something which the user knows – PIN (Personal Identification
Number)
There is a wide choice
for the 3rd FA(factor authentication),
- Biometric (UIDAI being the best example) or
- OTP (One time password)
- Security Tokens or
- Card Lock-in options
- Transaction Authentication
The Pros and Cons of each
option in brief are us under :
- Biometric (UIDAI being the best example)--
PROS :
a) Tools exist to make
this reality.
CONS:
a) UIDAI is yet to
stabilize.
b) The implementation and
the maintenance costs right now are substantial.
- Biometric verfication tools on a large scale are not common in India.
- OTP (One time password)--
PROS: -
a) OTP's are becoming
common.
b) The implementation and
maintenance costs are less
CONS: -
a) OTP features need to
be integrated into the ATM network. This is not a big inhibitor as
majority of the ATM's are part of the NFS (National Financial Switch)
network now. The only factor which might be a stumbling block is the
validity time period of the OTP generated I.e for how many hours the
OTP generated should be live. Currently the industry average is 2
hours for netbanking non-financial OTP's.
For financial OTP's the
life is few seconds.
- Security Tokens--
PROS:
a) Proven technology
b) Costs are less
CONS:
a) Integration with the
ATM's network required.
b) Who will bear the cost
of the Security token?
- Card Lock-in Options--
In simple terms, the Card
Locking feature means allowing Bank consumers the option to lock and
unlock their bank cards to permit or deny account use at automated
teller machines (ATMs) and point-of-sale (POS) devices or on internet
sites.
Some Banks have already
opted for this feature. Check out at Card
Lockin, Diebold
cardlock in feature
PROS:-
a) Brand new concept,
hence to encourage Banks to hop on to the bandwagon.
b) SMS/Branch/Phone/Net
Banking channels can be multiple-touch points for this option.
- Transaction Authentication. Transaction authentication means using an additional electronic signature generated on the basis of the amount to be withdrawn from the ATM. The electronic signature can be a OTP which is generated only after the amount tobe withdrawn is keyed into the ATM. However, the main draw back is that the time-frame to complete the whole cycle of ATM withdrawal is short and introducing Transaction Authentication in the present setup is a challenge.