10/16/2012 | Press release
distributed by noodls on 10/16/2012 10:20
London, October 16, 2012 - ValidSoft (www.validsoft.com), a global
supplier of advanced telecommunications-based fraud
prevention, authentication and transaction verification
solutions, and a wholly owned subsidiary of Elephant Talk
Communications, Corp. (NYSE: ETAK) formerly (NYSE Amex:
ETAK), announced that its successful participation in
Finovate Fall, NYC, and the live solution it showcased for
securely initializing a mobile-based app, have been
proven correct, unfortunately at the expense of a real bank
and its customers.
ValidSoft demonstrated their SMART (Secure Mobile
Architecture for Real-time Transactions) platform, using
just a single example of how to initialize a downloaded
banking app, including turning the smart-phone into a
two-factor authentication device capable of encrypted
end-point tunneling. (To see the ValidSoft demo: http://www.finovate.com/fall12vid/validsoft.html).
Pat Carroll, ValidSoft CEO, commented: "In this particular
case, these breaches therefore had nothing to do with the
medium being a smart-phone but everything to do with the
process employed in deploying and activating the app. There
is no real difference between this and Internet banking
losses through reliance on PINs and passwords alone. In
this and other instances that will surely follow, we need
to look at the end-to-end process rather than casting a
shadow over mobile banking in general."
SMART is predicated on an increasing number of financial
transactions migrating to the smart-phone and being
executed over mobile and public data networks. Not only is
the phone the medium for transacting, it should also be the
medium for securing the transactions, using out-of-band and
in-band techniques that incorporate a multi-layer combination
of visible and invisible checks while remaining user-friendly.
The key, and the critical point of exposure with many
mobile apps, as pointed out by ValidSoft, is in the actual
initialization/enrollment process itself; i.e. knowing who
is initializing the app. At FinovateFall 2012, ValidSoft
used a multi-layer security solution based on a
telephony-generated out-of-band call, which incorporated
biometric voice verification and other invisible checks, providing
the ultimate in strong authentication, but in a very
user-friendly manner. In the absence of a strong enrollment
process, any subsequent authentication process is subject
to compromise.
As a testimony to this approach, and also as an ominous
warning to other institutions, one of the largest UK banks
recently announced the suspension of its high-profile
mobile app, a product that allowed users to withdraw money
from ATMs using a six-digit code generated by the app, with
no card required. The UK bank has acknowledged that fraud
is behind the decision.
Despite much speculation on how the fraud occurred,
including some assertions that there are inherent
weaknesses with smart-phone based apps, the reality is far
simpler. The app could be downloaded and initialized by
anybody with access to a customer's details and card
number, which is information routinely gathered by
fraudsters.