Although the FFIEC advices against it, many banks, particularly in the USA, still use single factor authentication for most, if not all of their services. The banks do, however, implement a number of pattern and behaviour matching in an attempt to find account fraud and identity theft. This is somewhat reassuring until you realise that bank staff, and government agency employees, have been known to loose laptops with customer data, and worse still, not follow their own corporate policies on data protection.
Fraud and identity theft protection is a consumer, as well as corporate issue. In my day job I focus on the corporate solutions, but there are consumer solutions out there too. One consumer solution of note is Life Lock, which provides some novel approaches to tackling this problem. These include registering, and continually registering, fraud alerts with credit bureaus, monitoring address changes and a $1,000,000 guarantee to cover costs of restoring things to their proper state if a fraud does take place. The fact that they can put an end to getting those annoying pre-approved credit letters may well be the most significant immediate value for some.
One of the interesting automated services provided is the recently announced eRecon, which trawls the murky underbelly of the Internet to see if your personal information, or a snippet of same, shows up in the identity thieves’ marketplaces. I guess you could call it the Black Ops of identity theft protection.
My point is that not only is multi-factor authentication a must, but multi-factor identity protection, both corporate and consumer, is a must in the information age.