NEW YORK—In the wake of the WannaCry ransomware attack, one cybersecurity expert is saying that more financial institutions should employ two-step authentication.
In an interview with Pymnts.com, Richard Clarke pointed to the standards recommended by FIDO Alliance (Fast IDentity Online), a consortium of several major financial institutions and technology companies. The alliance offers a standards-based ecosystem that uses a wide range of authentication technologies that reduce reliance on passwords and rely instead on biometrics, such as fingerprints and iris scanners and a second-step authentication that relies on a device that users have in their possession, Clarke noted.
Clarke said that adoption of the standards set forth by the FIDO Alliance have taken off in countries like China and Japan. But adoption in the U.S. has been much slower, he told Pymnts.com.
“Banks seem particularly unwilling to adopt and require the two-step authentication, despite the losses they face because of cybercrime. For banks, the cost of adding friction to user experience could mean losing business to rival financial institutions, which renders two-step authentication as not a viable choice,” Clarke told the publication.
A recent report found financial service companies lose an average of $16.53 million each year because of cybercrimes, Pymnts.com noted.
But even with the high costs incurred by cybercrimes, banks are still dragging their feet, Clarke told the news outlet. “The pain point doesn’t seem to be high enough [for banks],” he said.