How Payfone Can Prevent Email Phishing Hacks and Improve Cyber Security
NEW YORK, NY – May 18, 2017 – As cyberattacks and hacking incidents continue to flood the news, Payfone, an identity authentication leader that verifies 10 million transactions a day for top financial, healthcare and governmental organizations, reveals how their instant authentication solution can protect consumers from email phishing and account takeover attacks such as the recent Starbucks mobile app hack and France’s Macron campaign data dump.
“These types of cyber security hacks can be prevented by implementing Payfone,” said Rodger Desai, Payfone’s CEO. “The most effective way for email providers and other service providers to secure their platforms and protect their users’ privacy is to enable Payfone’s instant authentication capability.”
The core problem with email security is that most email accounts can still be accessed by typing in a username and password. That’s because many email providers (including many internal corporate email systems) do not enable multi-factor authentication. Although some email providers like Gmail do allow for a second factor of authentication like receiving an SMS text with a code, most users don’t enable this additional layer of security, and even if they do, as we saw with last month’s SS7 hack, these measures are surprisingly easy to get around. When someone signs into your email account from another device, the email provider sends you a one-time code to type in to verify that it’s really you. Yet, hackers can easily eavesdrop in on the method you chose to receive the code to intercept it.
If cyber criminals can phish our email passwords and also get around our secondary authentication methods, how can we protect ourselves?
Payfone’s instant authentication solution (see infographic below) leverages the SIM card in the user’s mobile phone to authenticate the user and verify that the URL link contained in the SMS was clicked on the intended phone. The SIM card is a self-contained, multi-factor cryptographic device that is immune to both operating system level attacks and SS7 routing attacks.
With Payfone, an attacker trying to log into your email account would not only need to know your username and password, they would also need to be in possession of your phone. In the event that an attacker intercepted the SMS message, Payfone would know that the link was not clicked on your correct phone. Clicking the link on any other phone, laptop or server would fail authentication.
Payfone uses its proprietary technology to instantly authenticate customers using the digital identity inherent in each mobile phone. Investors include RRE Ventures, Opus Capital, Relay Ventures, Early Warning Services, American Express Ventures, Verizon Ventures, Rogers Venture Partners, BlueCross BlueShield Venture Partners, Andrew Prozes, Strauss Zelnick, Maclab Development Group and Transaction Network Services. Business Insider Intelligence recently highlighted Payfone’s Series E round of funding as one of the top 10 US VC-backed fintech deals of Q1 2017. www.payfone.com