With the increasingly sophisticated nature of cybercrime, hacking, and financial fraud, This may be the most important set of issues facing the financial services industry today. Fintech companies are pioneering new approaches to verifying and managing identity. In strengthening authentication, one avenue being explored is behavioral biometrics. Build out an authentication strategy that enables you to create a comprehensive picture of the user.
Challenges for authentication.
The digital age has always presented challenges for authentication. It was so much easier when people’s identities could be verified face-to-face at a bank branch. User names, passwords, and security questions have been among the most common ways institutions try to determine who is at the keyboard. These traditional approaches are quickly becoming outdated, and less secure. A combination of new tactics and new technology is required to provide protection. At the first layer is a need for more robust authentication. How can banks verify the identity of an account holder? At the second layer, security measures must protect those accounts from unauthorized access.
Importance for both banks and FinTech companies to verify user information
The contact center, IVR, branch, mobile app, and website should share a single, comprehensive, view of the customer. For banks with legacy IT systems, this is difficult– and it can create vulnerabilities. Fintech companies are pioneering new approaches to verifying and managing identity. In some cases, the new technology is for sale to banks and other FIs. In other instances, the fintech company simply makes their own product more secure. And in a growing number of cases, authentication is being provided via banking APIs. In strengthening authentication, one avenue being explored is behavioral biometrics. A good example is the precise tracking of user typing patterns. By looking at factors like typing speed and rhythm, data can be captured for each online or mobile session. This behavioral data pattern becomes one element of a very complex algorithm.
- Physiological biometrics use everything from the shape of a person’s face or hands, to retina scans, to voice verification, in order to identify the person. The panel of experts in San Francisco mentioned cool new technology that uses photo selfies to enable a customer to login.
- Another set of elements contributing to a robust identity profile might include the attributes of trusted devices (like a unique identifier from a commonly used smartphone), sign-in habits, and the geographic location or time of day that certain devices are used.
- And interestingly, social media is even being used to verify identities. For example, are all of a user’s Facebook friends based in another country? Were all of their jobs on LinkedIn held in another country?
- Demographics can be an important starting point when considering how to proceed with managing identity. For example, a service that is targeted to millennials might be a good candidate for making use of social media data.
Build out an authentication strategy that enables you to create a comprehensive picture of the user Incorporate biometrics, geolocation, IP addresses, social media and other data to reduce your risk. Partner with banks and use APIs so you don’t have to build costly security infrastructure yourself.
Password-less BYOD: the Way of the Future
What the financial industry needs is a model that can transcend the user experience-security schism, a solution that can offer both seamless access and strong security. The little known secret is that nearly all employees of financial institutions as well as their clients, already own at least one powerful cryptographic device.
Personal phones can be leveraged into creating a robust and easy to use, password-less authentication system for nearly any financial institutions. Known as “Bring Your Own Device” or BYOD, the system circumvents all of the security and logistical challenges associated with traditional authentication models. All of this leaves enterprise networks safer–and with substantially lower operating costs.
The benefits of integrating the BYOD scheme into networks are essentially three fold:
Better user experience – no one needs to be taught how to use their smartphones. Password-less solutions such as push notifications and similar applications can be streamlined into large scale use with relative ease and speed.
- Minimizing costs – BYOD means users are already equipped with the necessary hardware. This means no need to invest in expensive devices that are needed for other authentication alternatives such as hardware tokens and biometric sensors. Additionally, companies will save on resources that go to help desk calls as well as the employee downtime and man hours of fixing account lockouts and resetting passwords.
- More secured – Tying digital access to a physical device (that users are already carrying around with them) means authentication cannot be attained through credentials alone. Eliminating passwords from the equation means that there is nothing for potential attackers to steel in order to gain illicit access.
- Password-less BYOD is the next big step for the fintech industry. The BYOD approach to authentication is a win win scenario that both supports the authentication needs of the modern financial institution while reducing cost and improving user experience.
