Briefly outline how out-of-band verification can be used to augment the level of security in banks.
In financial transactions done over the internet, it is essential that the information exchanged between the person making the payment and the bank is not accessible to a third person. A customer can verify their identity with a password to start the transaction. Most payment gateways require multiple passwords to ensure that only the person who owns the account is able to transfer any funds from it. The information exchange is encrypted so that even if a third person had access to the data stream, they would not be able to extract any information from the 1s and 0s being exchanged.
Though strong encryption methods have made online financial transactions relatively secure, they are not sufficient to prevent losses caused by malicious software on the device being used for the transaction. A computer virus or similar malware can alter the information after the account holder initiates a request. This could be used to change the amount of money that is transferred or the recipient of the funds.
Out-of-band verification is verification carried out by means that employ networks other than the data stream between the account holder and the bank. One way of doing this is by making a phone call to the account holder's registered phone number, or by sending a one-time password to the phone that has to be entered to complete the transaction. Out-of-band verification introduces a second layer of security. With this system in place, a criminal eager to steal funds would need access to the account holder's passwords and would also need to be able to track calls and messages made to their phone.
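The flow described above can be sketched as a small simulation. This is an added example, not part of the original answer: the `Bank` class, the `customer_session` helper, the 120-second validity window, and the assumption that the phone message repeats the recipient and amount as the bank received them are all hypothetical choices made for illustration.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120  # assumed validity window, not a value from the page

class Bank:
    """Toy bank that holds a transfer until the code sent to the phone comes back."""
    def __init__(self):
        self.pending = {}    # tx_id -> (recipient, amount, otp, expires_at)
        self.executed = []   # transfers that actually moved funds

    def request_transfer(self, recipient, amount, now=None):
        """In-band request as it reached the bank. Returns (tx_id, phone_message)."""
        now = time.time() if now is None else now
        tx_id = secrets.token_hex(8)
        otp = f"{secrets.randbelow(10**6):06d}"  # random six-digit one-time password
        self.pending[tx_id] = (recipient, amount, otp, now + OTP_TTL_SECONDS)
        # Second channel: details as the bank saw them, plus the code.
        return tx_id, {"recipient": recipient, "amount": amount, "otp": otp}

    def confirm(self, tx_id, otp, now=None):
        """Execute the held transfer only for a fresh, correct, unused code."""
        now = time.time() if now is None else now
        entry = self.pending.pop(tx_id, None)  # pop: one attempt per code
        if entry is None:
            return False
        recipient, amount, expected, expires_at = entry
        if now > expires_at or not hmac.compare_digest(expected, otp):
            return False
        self.executed.append((recipient, amount))
        return True

def customer_session(bank, intended, sent_by_device):
    """intended: what the customer typed; sent_by_device: what reached the bank."""
    tx_id, message = bank.request_transfer(*sent_by_device)
    # The customer reads the phone and compares it with what they meant to do.
    if (message["recipient"], message["amount"]) != intended:
        return False  # code is never entered, so the altered transfer stays held
    return bank.confirm(tx_id, message["otp"])
```

When the device forwards the request unchanged the transfer executes; when the request was altered on the device, the mismatch shows up on the phone and the bank never receives the code.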