We recently teamed up with Finextra, InAuth and Acuity Market Intelligence, to take part in a webinar entitled “The evolution of six-factor authentication to tackle mobile banking fraud”. As mobile banking fraud evolves, new methods of authentication are required to counteract identity theft, account takeover or financial transaction manipulation, amongst other threats.
Coupled with new regulations and the greater focus on customer satisfaction, we ask whether ‘frictionless’ is really the goal, or whether a more fluid ‘device plus biometrics’ step-up / step-down model is better suited.
Download our Six Factor Authentication piece here:
Missed the webinar? Here are our five key takeaways:
1 – There is a paradigm shift in authentication
We are seeing a rapid shift from a rules-based approach to authentication to a risk-based approach. No longer does a binary yes/no matching of a password or PIN suit today’s variable approach to risk assessments, as we witness the growing adoption of scenario-based threshold models. This is driven by need for flexible security, a desire to improve the customer experience and regulation.
2 – Fraud is becoming increasingly sophisticated, so a rapid response is required
Fraud is evolving like a disease. Very quickly, even recent authentication developments such as OTPs and 2FA are becoming unfit for purpose. By drawing on six factors of authentication – InAuth Device (permanent device ID), InAuthenticate (encrypted in-app messaging), InBio (fingerprint ID), and biometrics modules AimFace, AimVoice and AimBehaviour), banks can configure layers of security where they are needed, to combat against all known types of fraud from manual to machine-based.
3 – Customer-centric model is placing undue pressure on banks
New mandates, such as real-time payments, have the customer experience at their heart, but are putting pressure on banks to authenticate both the device and the individual, and step-up security if required, instantly. A 6FA approach can quickly give banks the tools to adhere to new customer-facing regulations, apply variable risk-based scenarios to different transactions, and provide a smooth, flexible passive authentication experience for the customer; stepping up to active if required.
4 – Digital banks can respond faster, but traditional banks have the intel
It’s widely assumed that digital banks will have the edge to implement new authentication solutions, due to their newer architectures and systems. However, traditional banks will be able to benefit from the vast amounts of customer data that they hold in ways that newer banks can’t. Existing voice or facial data for example can be used to pre-enrol customers for biometric options for example, and larger banks have the data and funding to make more informed decisions.
5 – Collaboration is key
No authentication module or solution should exist in isolation, and a combination of device authentication AND user authentication is far greater than the sum of its parts. True strength lies when partnerships are forged to provide broader offerings, from which an enterprise can customise its approach to authentication across multiple scenarios.