What is Out-of-Band Authentication?
By definition, Out-of-Band Authentication is the use of two separate networks working simultaneously to authenticate a user. Out-of-Band Authentication works well because even if a fraudulent user obtains all the security credentials for a user's account, a transaction cannot complete without access to the second authentication network.
In Authentify's case, this means using the phone to verify the identity of the user involved in a web transaction. Phone-based out-of-band authentication works well because:
• No additional hardware, software or training is required for the end user
• Users already carry phones and keep close track of them
• Phone communication can occur in true real time
• Phone authentication can require interaction with a human being
• The Public Switched Telephone Network (PSTN) is a secure network
• The authentication process can be "closed-loop" with certainty of completion
• A strong, humanly understandable audit trail of the transaction is captured
Out-of-band authentication using the phone also enables rightful account owners to be made aware of attempts to breach their accounts. If an account is protected by phone-based out-of-band authentication, the user will receive a call to authenticate a large-dollar transaction before it completes. If the rightful account owner is not involved in the web transaction, he or she cannot complete the phone-based authentication, and the fraudulent transaction will be cancelled before losses are incurred.
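The hold, call, confirm-or-cancel flow described above can be sketched as follows. This is an added illustration, not Authentify's code: the class and method names, the dollar threshold, the code lifetime and the `place_call` callback standing in for the phone network are all assumptions.

```python
import hmac
import secrets
import time

THRESHOLD = 1000.00   # assumed cutoff for a "large-dollar" transaction
CODE_TTL = 120        # assumed lifetime of the phone challenge, in seconds

class OutOfBandGate:
    """Holds large web transactions until they are confirmed over the phone channel."""

    def __init__(self, place_call):
        self.place_call = place_call  # hypothetical callable(phone, message): second network
        self.pending = {}             # txn_id -> (code, expires_at)
        self.audit = []               # ordered, human-readable trail of every decision

    def submit(self, txn_id, phone_on_file, amount, payee, now=None):
        now = time.time() if now is None else now
        if amount < THRESHOLD:
            self.audit.append((txn_id, "completed without call"))
            return "completed"
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[txn_id] = (code, now + CODE_TTL)
        # Call the number already on file, never one supplied in the web session,
        # and read back the transaction so the owner hears what is being approved.
        self.place_call(phone_on_file,
                        f"Confirm payment of {amount:.2f} to {payee}. Code {code}")
        self.audit.append((txn_id, f"held; call placed to {phone_on_file}"))
        return "pending"

    def confirm(self, txn_id, entered_code, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(txn_id, None)  # single attempt: the loop closes here
        if entry is None:
            return "unknown"
        code, expires_at = entry
        ok = now <= expires_at and hmac.compare_digest(code.encode(),
                                                       entered_code.encode())
        self.audit.append((txn_id, "confirmed by phone; completed" if ok
                           else "phone confirmation failed; cancelled"))
        return "completed" if ok else "cancelled"
```

A held transaction that is never confirmed stays in `pending` and never completes, which mirrors the page's point that web credentials alone are not enough.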