Shareholder Authentication (published 2015)

• Table of Contents
• Introduction
  • Universe of Transactions
    • Nature of Participants in Shareholder Transactions
    • Types of Shareholder Transactions
    • Means of Transmission of Transaction Requests
• Authentication In Theory
  • Principles of Authentication
    • The First Authentication Factor: What You Know
    • The Second Authentication Factor: What You Have
    • The Third Authentication Factor: What You Are
    • Multi-Factor Authentication
    • Non-Traditional Authentication Factors
    • Mutual Authentication
    • Positive and Negative Authentication Factors
  • Limitations of Authentication
    • Limitations of Authentication Measures in Common Use
    • Limitations of Authentication Measures Generally
• Authentication In Practice
  • Technological Solutions
    • Shareholder Knowledge
    • Hardware and Software Tokens
    • Biometrics
    • Behavioral Patterns
    • Protection of Authenticated Sessions
    • Authentication of Devices
    • Authentication of Transactions
    • Authentication of Fund Groups (Mutual Authentication)
  • Operational Initiatives
    • Overall Threat Environment
    • Risks Associated with Authentication Systems
    • Risks Associated with Particular Transactions
    • Potential Legal Consequences of Transactional Fraud
    • Limiting Potential for Damage from Fraudulent Transactions
    • Protection of Online Transaction Systems
  • Educational Efforts
    • Employee Training and Awareness
    • Shareholder Awareness
• Insurance
• Glossary
• Further Reading

Many fund groups train their employees with respect to information security, often at regular intervals. As regards shareholder authentication, such training may assist employees to understand and identify potential threats to transactional integrity. Thus, for example, such training may help employees to identify fraudulent e-mails (including spear phishing e mails that target specific employees) and other social engineering attempts to conduct fraudulent transactions.

One fund group consulted for this study reported that it provides its customer service representatives with specific training to assist them in identifying potentially fraudulent transactions. Of particular note is the fund group’s effort to train representatives not to divulge information that a shareholder should reasonably be expected to already know (such as the shareholder’s address or the name of the shareholder’s bank)—thereby effectively directing its customer service representatives to be helpful, but not too helpful.