Out of wallet

Last updated

Out of Wallet (sometimes abbreviated as OOW) refers to private data used for authentication in activities such as telephone banking or internet banking to prevent identity theft. [1] The practice may part of a knowledge-based authentication process.

Authentication act of confirming the truth of an attribute of a datum or entity

Authentication is the act of confirming the truth of an attribute of a single piece of data claimed true by an entity. In contrast with identification, which refers to the act of stating or otherwise indicating a claim purportedly attesting to a person or thing's identity, authentication is the process of actually confirming that identity. It might involve confirming the identity of a person by validating their identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product is what its packaging and labeling claim to be. In other words, authentication often involves verifying the validity of at least one form of identification.

Telephone banking is a service provided by a bank or other [financial institution]], that enables customers to perform over the telephone a range of financial transactions which do not involve cash or documents, without the need to visit a bank branch or ATM. Telephone banking times are usually longer than branch opening times, and some financial institutions offer the service on a 24-hour basis. However, some banks impose restrictions on which accounts may be accessed through telephone banking and usually limit the amounts that can be transacted.

Identity theft is the deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name, and perhaps to the other person's disadvantage or loss. The person whose identity has been assumed may suffer adverse consequences, especially if they are held responsible for the perpetrator's actions. Identity theft occurs when someone uses another's personally identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964. Since that time, the definition of identity theft has been statutorily prescribed throughout both the U.K. and the United States as the theft of personally identifying information, generally including a person’s name, date of birth, social security number, driver’s license number, bank account or credit card numbers, PIN numbers, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person’s financial resources.

Ideally, out of wallet information is easily recallable by a user but obscure to most other persons and difficult for them to uncover. Prompts for out of wallet questions are now often generated automatically through convergence of databases containing users' financial transactions, vehicle registrations, and other records. [2]

Database organized collection of data

A database is an organized collection of data, generally stored and accessed electronically from a computer system. Where databases are more complex they are often developed using formal design and modeling techniques.

Typical out of wallet questions a user may be asked include:

  1. What was the color of your first car?
  2. What is the name of the first school you attended?
  3. What is the name of the hospital you were born in?

Such information is available to a database compiler but may not be readily available to criminals attempting to commit identity theft. [2]

Related Research Articles

Password used for user authentication to prove identity or access approval

A password is a word or string of characters used for user authentication to prove identity or access approval to gain access to a resource, which is to be kept secret from those not allowed access.

Smart card pocket-sized card with embedded integrated circuits

A smart card, chip card, or integrated circuit card (ICC) is a physical electronic authorization device, used to control access to a resource. It is typically a plastic credit card sized card with an embedded integrated circuit. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, mobile phones (SIM), public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Several nations have deployed smart cards throughout their populations.

RSA SecurID, formerly referred to as SecurID, is a mechanism developed by Security Dynamics for performing two-factor authentication for a user to a network resource.

Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to any of several related systems. It is often accomplished by using the Lightweight Directory Access Protocol (LDAP) and stored LDAP databases on (directory) servers. A simple version of single sign-on can be achieved over IP networks using cookies but only if the sites share a common DNS parent domain.

A security token is a physical device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples include a wireless keycard opening a locked door, or in the case of a customer trying to access their bank account online, the use of a bank-provided token can prove that the customer is who they claim to be.

Shibboleth (Shibboleth Consortium) Internet identity system

Shibboleth is a single sign-on log-in system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations.

OpenID open authentication standard

OpenID is an open standard and decentralized authentication protocol.

A Google Account is a user account that is required for access, authentication and authorization to certain online Google services.

Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication or e-authentication may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence whether data received has been tampered with after being signed by its original sender. In a time where fraud and identity theft has become rampant, electronic authentication can be a more secure method of verifying that a person is who they say they are when performing transactions online.

A security question is form of shared secret used as an authenticator. It is commonly used by banks, cable companies and wireless providers as an extra security layer.

Credit card fraud

Credit card fraud is a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft. According to the United States Federal Trade Commission, while the rate of identity theft had been holding steady during the mid 2000s, it increased by 21 percent in 2008. However, credit card fraud, that crime which most people associate with ID theft, decreased as a percentage of all ID theft complaints for the sixth year in a row.

Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.

Knowledge-based authentication, commonly referred to as KBA, is a method of authentication which seeks to prove the identity of someone accessing a service such as a financial institution or website. As the name suggests, KBA requires the knowledge of private information of the individual to prove that the person providing the identity information is the owner of the identity. There are two types of KBA: static KBA, which is based on a pre-agreed set of shared secrets, and dynamic KBA, which is based on questions generated from a wider base of personal information.

Microsoft account a user account that provides access to Microsoft-owned services

A Microsoft account or MSA is a single sign-on Microsoft user account for Microsoft customers to log into Microsoft websites, devices running on one of Microsoft's current operating systems, and Microsoft application software.

Social login is a form of single sign-on using existing information from a social networking service such as Facebook, Twitter or Google+, to sign into a third party website instead of creating a new login account specifically for that website. It is designed to simplify logins for end users as well as provide more and more reliable demographic information to web developers.

Dashlane is a password manager app and secure digital wallet. The app is available on Mac, Windows, iOS and Android. The app's premium tier enables users to securely sync their data between an unlimited number of devices on all platforms. A free version is available, with syncing disabled after the first month. By default, the wallet is stored on the company's servers, but there is an option to keep it on the user's device instead.

Identity interrogation is a method of authentication or identity proofing that involves posing one or more knowledge-based authentication questions to an individual. Identity interrogation questions such as "What is your mother’s maiden name?" or "What are the last four digits of your social security number?" This questioning process requires individuals to reveal personally identifiable information (PII) in order to prove his or her identity. It is a method businesses use to prevent identity theft or impersonation of customers.

Google Pay mobile payments platform

Google Pay is a digital wallet platform and online payment system developed by Google to power in-app and tap-to-pay purchases on mobile devices, enabling users to make payments with Android phones, tablets or watches.

References

  1. "Out Of Wallet | Credit Bureau Connection". www.creditbureauconnection.com. Retrieved 2015-07-06.
  2. 1 2 "Certain ID - ID Analytics" . Retrieved 2015-07-06.


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.