In parallel to the growth in use of online channels for accessing a variety of services, and performing a variety of transactions, identity theft has reached epidemic levels, and online account takeover and transaction fraud is growing at an enormous rate. Fraudsters have new technologies at their disposal: for example “Trojan horses” and key loggers are installed in unsuspecting customers' computers, transmitting personal information back to the fraudster; and phishing attacks trick consumers into giving up personal and financial information (for example without limitation: social security number (“SSN”), account numbers, banking information, user names and passwords for various services, personal identification number (“PIN”), credit card numbers, which may be referred to as for example “user Credentials” or “Credentials”).
Recent scams indeed show a sophisticated, determined, innovative and well organized online crime wave. Fraudsters are more adaptive than ever, modifying their modus operandi and techniques quickly to exploit new vulnerabilities. While the fraudsters do not limit themselves to a specific sector, their main focus is on the banking and financial accounts sectors (other sectors prone to fraud are government services, ISPs, telecom companies and healthcare and many others).
One issue relates to authentication and how does a service or transaction provider indeed know whether a certain user accessing a service and performing actions at a certain site is indeed who he or she claims to be. It is clear that in today's environment using the combination of a logon and password alone (which still are the most prevalent method of authentication) may not be satisfactory.
Many solutions have been proposed for the problem of authentication, however many of them encounter an imbalance between usability and security (i.e., they are either not secure enough, or, when security is enhanced to satisfactory levels, they are cumbersome and expensive to deploy and operate). There is, therefore, a need for further solutions to deal with the problem of authentication.