REDWOOD CITY, Calif., June 6, 2024 – Phishing accounts for nearly 36% of all data breaches, according to recent reporting. The growing threat prompted the White House to issue a mandate requiring all federal agencies to adopt phishing-resistant multifactor authentication (MFA) before October 2024. To better equip the payments industry against these fraud schemes, the U.S. Payments Forum today releases a white paper outlining the immediate steps stakeholders can take to mitigate phishing risk. This includes reducing the use of potential weak points such as passwords, legacy MFA, and one-time passwords (OTP) and supporting the adoption of advanced authentication methods and improved security standards.
The resource, “Strengthening the Security of Consumer Authentication through Phishing-Resistant Multi-Factor Authentication,” is available for download on the Forum’s website.
Interested parties will gain insight into various phishing-based MFA bypass schemes, such as social engineering, OTP relays and the use of bots and phishing kits. The deployment of generative AI to bolster the payments fraud landscape is also within the scope of the white paper.
Additional insights include an overview of:
- Phishing-resistant MFA solutions like FIDO2 specifications utilizing device-bound keys, eliminating the need for passwords
- Public Key Infrastructure (PKI)-based authentication
- Advanced behavioral analytics deployed across the customer journey
The white paper was developed by the Forum’s Payments Fraud Working Committee. Organizations, associations, government agencies and individuals interested in participating in upcoming Forum projects can visit the Secure Technology Alliance’s website to learn how to become a member. By joining the Secure Technology Alliance, members will have access to activities within the U.S. Payments Forum and additional Alliance-affiliated organizations.
About the U.S. Payments Forum
The U.S. Payments Forum is a cross-industry body that brings stakeholders together on neutral ground to enable efficient, timely and effective implementation of emerging and existing payment technologies. This is achieved through education, guidance and alternative paths to adoption. The Forum is the only non-profit organization whose membership includes the whole payments ecosystem, ensuring that all stakeholders have the opportunity to coordinate, cooperate on and have a voice in the future of the U.S. payments industry. The organization operates within the Secure Technology Alliance, an association that encompasses all aspects of secure digital technologies.
About the Secure Technology Alliance
The Secure Technology Alliance is the digital security industry’s premier association. Through its U.S. Payments Forum, Identity and Access Forum and its collaborative working groups, the Alliance fosters open dialogue among industry stakeholders to explore and develop secure technology innovations in the payments, identity and access markets. By collaborating on education and guidance, the Alliance helps enable efficient, timely and effective implementation of large-scale, disruptive technologies. For more information, please visit https://www.securetechalliance.org.
Contact
Sherlyn Rijos-Altman
Montner Tech PR
203-226-9290