
Re: WBCTrader post# 111714

Tuesday, 11/01/2016 7:08:11 PM

WBCTrader "OOBA is NOT just Text Based"

Out of band authentication OOBA is in short, text based authentication. Meaning you initiate something on computer/smart phone then you will receive a text with a code to verify said transaction.



Your statement stating "OOBA is in short text based authentication" is blatantly false and totally misleading to those reading your post on this Board.

You may be in the cyber security sector for financial institutions, but it would appear your statements are coming from ill-informed sources.

There are 10s of articles and papers that state quite the opposite of your statement.

The following is a quote from just 2 such sources with the links below each, fetch fido.

Out of band authentication is a ‘transaction verification’ process with its primary function to confirm that the transaction details originated with the user. It is typically used as part of an online transaction – the person making the transaction using an out of band process to authenticate it.

It is an interactive process that conforms to FFIEC guidance and is particularly suited to authenticating an online transaction, whether that is a session or a transaction within a session.

VoiceVault’s voice biometric out of band authentication solution is phone-based and uses either an out of band call to a user-registered phone number, or uses an Android / iOS smartphone-based app. In this instance, the phone line, or the app, is regarded as being one of the trusted parts of the strong multi-factor authentication process, and the voice biometric element adds yet another factor. This solution leverages the fact that phones and smartphones are ubiquitous and are never far away, and that the use of them is non-invasive, intuitive and has a low user experience impact.


VOICE BIOMETRIC OUT OF BAND AUTHENTICATION

Just how does out-of-band authentication work? Here are some examples:

Text messages
When an authentic customer logs in to a financial website with a username and password successfully, the user is prompted to click a button to send a numeric code via SMS to the cell phone number on record at the bank. The user receives the one-time code on the cell phone and enters it on a second secure Web page and clicks the "verify code" button to confirm the correct user is in fact at the other end of the phone.

With this type of out-of-band authentication system in place, even if an aspiring criminal were to obtain a customer's username and password, the account compromise attempt would be thwarted because the attacker would be unable to receive the one-time code sent to the customer's cell phone. Should this scenario play out, the customer would receive a cell phone call by the application, alerting him or her to the attempted fraud. This enables the customer to contact the financial institution and report the attempted unauthorized access.

Telephone
Another out-of-band authentication scenario would involve the same set of steps with the legitimate user logging into the financial website, but instead of receiving a text message, the user would be asked to initiate a call back by clicking on a button on the Web page. This method requires the customer to use the telephone associated with the phone number on file with the financial institution as a second form of authentication.

The financial institution's out-of-band authentication server calls the customer and a voice prompt asks the user to recite a word or enter a numeric code presented on the financial Web page. If the customer is indeed initiating the authentication, he or she will easily pass the challenge by simply reciting the word or entering the code using the dial pad. Without access to the customer's phone, a malicious user would be thwarted.

More sophisticated schemes may even feature biometric voice recognition, in which the user's voice is matched to a known voice print on record. This particular technology choice demands that the user allow the financial institution to keep a voice print on file to confirm or prove the authenticity of the end user.



Out-of-band authentication: Methods for preventing fraud


$SFOR SFOR
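
The text-message flow quoted above, sketched as server-side logic with the one-time code tied to the transaction details that the first quoted source says out-of-band authentication confirms. This is an added example, not code from the post or from either quoted source; the class name, the `send` callback, the 5-minute lifetime and the 3-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300    # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3  # wrong guesses allowed before the challenge is voided (assumed)


class OobVerifier:
    """Server side of a one-time-code challenge bound to one transaction."""

    def __init__(self, send, clock=time.time):
        self._send = send    # callable(phone, message): the out-of-band channel
        self._clock = clock
        self._pending = {}   # challenge id -> digest, expiry, attempt count

    @staticmethod
    def _digest(code, txn):
        # Keep a digest that ties the code to the exact transaction details
        # rather than keeping the code itself.
        return hashlib.sha256(f"{code}|{txn}".encode()).digest()

    def start(self, phone_on_record, txn):
        code = f"{secrets.randbelow(10**6):06d}"
        cid = secrets.token_urlsafe(16)
        self._pending[cid] = {"digest": self._digest(code, txn),
                              "expires": self._clock() + CODE_TTL,
                              "tries": 0}
        # The message repeats the transaction so the user sees what is approved.
        self._send(phone_on_record, f"Code {code} approves: {txn}")
        return cid

    def verify(self, cid, code, txn):
        state = self._pending.get(cid)
        if state is None:
            return False     # unknown, already used, or voided challenge
        if self._clock() > state["expires"] or state["tries"] >= MAX_ATTEMPTS:
            del self._pending[cid]
            return False
        state["tries"] += 1
        if hmac.compare_digest(state["digest"], self._digest(code, txn)):
            del self._pending[cid]   # single use: a replayed code fails
            return True
        return False
```

A code issued for one transaction fails if the web session submits it with different transaction details, which is the property that separates transaction verification from a plain login code.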