Currently, online and mobile banking provide financial institution customers the ability to make payments, transfer funds and the like via personal computers or other computing devices capable of connecting with the Internet. However, the security of such web-based transactions is at risk because the financial institution has no way to ensure the integrity and confidentiality of these transactions. This is due to the fact that the financial institutions have no means to ensure that the customer's device or system provides the necessary degree of security, irrespective of the customer being an individual customer or a business customer.
Specifically, personal computers are inherently not designed to provide the highest possible level of security. This is because the user of the personal computer demands the freedom to be able to execute any type of software, firmware or the like, regardless of the security protection provided to the software. In this regard, personal computers are configured to allow for executing both secure software and unsecure software.
In addition, most online and/or mobile banking services use standard alpha-numeric password-based authentication schemes to verify the identity of the customer. These types of passwords are readily susceptible to being intercepted during communication to the financial institution, or otherwise fraudulently acquired by a hacker via an attack. While most passwords are not generally stored on a personal computer or financial institution server in plaintext, even passwords protected by encryption and hashing schemes are susceptible to attack or interception. For example, a hacker may intercept an encrypted or encrypted/hashed password from the network and use an off-line attack (such as a dictionary attack in which the attacker takes every known word and encrypts it with the network's encryption algorithm, hoping to find a match with an intercepted password hash).
Once the customer's password has been nefariously acquired or the encryption of the password compromised, the hacker is free to illegally conduct financial transactions as if they were the customer. Thus, the need to ensure user authentication when conducting online financial transactions is imperative.
In addition, conventional alpha-numeric passwords have a tendency to be forgotten by the user. This is especially the case in instances in which the customer/user infrequently conducts transactions with the online financial service and, thus, the password is infrequently used. If an alpha-numeric password is forgotten by the user/customer, the customer may, in a worst case scenario, be barred from accessing the online financial service or, at a minimum, be forced to proceed with a time-consuming password re-acquisition/re-setting process.
Also, current online financial transaction platforms are generally limited to personal computers, laptops or the like. While in some instances wireless devices may be used for mobile financial transactions, these devices are somewhat limited in terms of their capability to support an authentication mechanism other than a conventional alpha-numeric password.
Therefore, a need exists to develop methods, systems, computer program products and the like which provide for secure user authentication for applications being executed on gaming console devices, such as online financial service applications or the like. The desired methods, systems and the like should supplant the use of conventional alpha-numeric passwords and reduce the threat from password attacks due to users/customers storing passwords insecurely. In this regard, the desired methods, systems and the like should be less susceptible to being replicated and/or less susceptible to being intercepted. Additionally, the desired methods, systems and the like should be easier for the user/customer to remember, thereby lessening the likelihood that the authentication mechanism is forgotten.