Fraud & Identity Fraud & Identity


Fraud & Identity Featured Article


Will Continuous Authentication Protect Mobile Banking Users?

March 06, 2017
By Special Guest
Ryan Zlockie, Global Vice President of Authentication, Entrust Datacard

Traditional two-factor authentication, while very effective for replacing simple passwords from a security standpoint, can lead to introducing some friction into the user experience.  Depending on the type of two-factor solution implemented, users may still have to remember and enter their passwords each time they log into an account, and often have to answer a handful of security questions. In other instances, a user might have to reference an SMS message or token passcode to verify.  All two-factor solutions are not created equal and some are more seamless and secure than others. But no matter the option, two-factor authentication adds time and friction to the online and mobile banking user experience.


Recognizing the drawbacks of traditional two-factor authentication, mobile banking will take steps to instead move toward advanced adaptive with continuous authentication capabilities and the switch will likely have widespread implications for mobile banking users. In addition to a more seamless user experience, advanced adaptive and continuous authentication offers the opportunity for increased security.

More seamless user experience

Unlike the obvious requirements of two-factor authentication, advanced adaptive authentication will push authentication factors below the interface level, meaning the user experience doesn’t need to be interrupted by security measures. For example, advanced adaptive authentication has the ability to discreetly monitor how quickly a user is typing on his or her keyboard, or how much pressure is being applied to the screen to ensure the correct user is in possession of a trusted device.  These new capabilities pave the way for continuous authentication which not only addresses security around a logon or access event, but continues monitoring parameters during a user online session to provide added security throughout the duration.

Ultimately, advanced adaptive and continuous authentication will be more convenient for users than solely relying on two-factor authentication, as they don’t need to re-enter passwords – or remember passwords and answers to security questions – each time they log into a mobile banking app.

Increased security

Rather than requiring a password or answers to security questions, continuous authentication works by monitoring device and user behavior throughout a session – such as application activity patterns, user behavioral characteristics and even facial recognition or how a user holds his or her device. Over time, monitoring user behavior and other metrics leads to a collection of data that can more accurately determine if the device is trusted and if the correct person is using the device. The advanced authentication capabilities can understand anomalies based on prior usage patterns that flag when a user’s actions or behavior seem abnormal. It’s a more artificial intelligence-based form of security.

Advanced adaptive capabilities provide a greater degree of intelligence about what’s going on without asking users for a PIN or password. Relying on identity analytics and behavior biometrics decreases risks associated with passwords getting compromised, mobile banking users having the same password across various accounts and other related risks. While two-factor authentication has been deployed to address widespread credential breaches for the enterprise, mobile banking has continued to face risks associated with fraudsters compromising both passwords and responses to security questions.

While the benefits of advanced adaptive and continuous authentication are clear, it will take some time before all of these benefits are recognized.  Organizations need to plan for these new types of technologies and examine how they can enable new types of services to be introduced and rolled out to customers. It’s ultimately about unlocking value and providing a superior customer experience, while not foregoing security. As the path to continuous authentication becomes more clear, platform providers need to work together with application providers to develop standards for handling new types of communication that are not only event-based, but persistent.

About Ryan Zlockie

Ryan Zlockie is the global vice president of authentication for Entrust Datacard. He leads the company’s global software product efforts, as well as the authentication business segment. He has more than 17 years of experience in security technology for global, midsize and startup companies. Before joining Entrust Datacard in 2011, Zlockie held vice president positions at L-1 Identity Solutions where he focused on identity and security with an emphasis around biometric technology. He holds an MBA from the University of Southern California and a bachelor’s in marketing from Rider University.


Article comments powered by Disqus






Industry Insights

(MobileID) Proactive Fraud Prevention

Interconnect-related fraud such as International Revenue Share Fraud (IRSF) and PBX hacking fraud continue to be a billion dollar problem to the telecom industry.

(Defender Shield) Defense solutions for the modern SMS ecosystem

SMS is a ubiquitous communication method for person-to-person (P2P) text messaging, which has been in use globally for nearly 20 years.

(Defender Shield) Preventing Grey Routes and the Multi-billion dollar Threat

The convenience of mobile messaging has brought communication efficiency to billions of consumers worldwide. As is often the case with widely accepted technologies; however, convenience can provide a vulnerable gateway to fraudulent activity.

Product Documents

Asset Protect

While unlimited or high-volume voice and SMS plans offer great value to subscribers, sometimes fraudsters exploit these plans to avoid paying termination and interconnect fees.

Defender Shield

In a world with ever-increasing Application-to-Person (A2P) messaging needs and competition, improving customer satisfaction and eliminating revenue leakage is key for protecting SMS profits.

MobileID

Accurate and cost-efficient routing of voice calls and SMS is critical. Unfortunately, gathering reliable routing data on ported numbers and keeping up with constant changes in number plans is expensive and time-consuming.

Fraud Solutions

Communications fraud is a $20B annual global problem and growing. Companies are looking for peace of mind so that their business and their customers are protected from the onslaught of technology crime that is damaging their reputations and their balance sheets.