Future of Authentication 2020

Issue link: https://raconteur.uberflip.com/i/1243008

Contents of this Issue


Page 4 of 19

R A C O N T E U R . N E T 05 type in because there typically isn't encryption at the key-stroke level and data is in transit [and so vul - nerable] from the time you start typ- ing your password," he says. "We're going to use passwords for quite some time because, from a security point of view, the whole system out there is just so complex." So does the password have any future, especially given the advent of the internet of things, which only looks like making cyberse - curity breaches more widespread? "Passwords won't go away com- pletely, but I think we have to expect more multi-factor authentication, though that still needs to be conven- ient to use, while offering a sensible level of security to carry the public with it," says Oxford's Nouh. This layered security approach is unlikely to come in the form of biometrics, which are themselves not completely secure and, when stolen, irreplaceable, unlike a pass- word. Or at least not just biometrics. What's needed, Lindermann con- tends, is however secure sites are accessed, we're tied to a device that can be used to identify us. And this is a device most of us already carry and increasingly use to access the internet anyway: our smartphones. We're increasingly used to receiv- ing confirmation text messages when working through security. But now such devices also operate their own fingerprint or facial recogni- tion systems. Features limited to high-end, expensive phones just five years ago are increasingly common- place and accessibly priced. Since Microsoft launched its Windows 10 operating system last year, such password-free authenti- cation is starting to come to desk- tops too. Device geolocation – if users are willing to share such infor- mation – is potentially another added layer of security. Indeed, in a sense this more efficient device-led proposal is akin to the way in which an ATM requires both PIN number and the physical bank card. Or the way in which Estonia, for example, has developed its e-Identity system, which provides all citizens with a chip-and-pin e-card designed to authenticate an individual's digital identity. Lindermann says: "It's a mat- ter of leveraging these devices in the right way and in a consistent way; one that allows users to chose the modality – they can still use a PIN if they're not comfortable with trusting their biometrics [to a third party] – but which ties their iden- tity to the specific device, a capabil- ity that can be off-loaded to devices we don't own on the rare occasions that's needed. It works because peo- ple want a much easier engagement with business that have secured sites and the ease of use is better for business too." Andrew Shikiar agrees. He's the executive director of the FIDO Alliance, a consortium of tech secu- rity companies pushing for the cre- ation of an industry standard to address security interoperability between devices and so far supported by big guns the likes of American Express, Amazon and Google. "Passwords are the tip of the spear of the data-breach problem," says Shikiar. "But the fundamen- tal problem is the [online security] architecture itself. Using devices would not only give a better user experience – people are already used to unlocking their phones using biometrics – but it would get rid of scaleable cyber attacks. It would necessitate a behavioural change, but we have to break our dependence on passwords." He's betting on that happening soon. He reckons the majority of mainstream consumer services online will have a password-free means of accessing them within five years. Source Commercial feature he COVID-19 pandemic has triggered an explosion in digital fraud. The UK's national fraud reporting centre has received thousands of reports of phishing attempts that exploit people's fears of coronavirus. The health crisis has illuminated a prevailing misconception that authenti- cation is all about security. Wiser busi- nesses, however, know security mustn't jeopardise customer experience. And delivering it in a customer-centric, frictionless way necessitates smart onboarding and authentication. Needless to say, this isn't easy. Authentication is not a single event anymore; it's a journey that flows from customer onboarding to mobile, web Blunt truth about authentication: it's not just about security Customer-centric businesses prioritise a frictionless user experience as well as protection of consumers from fraud and contact centre authentication, to account recovery. Using multiple solu- tions for each step makes seamless- ness all but impossible. "The truth is most identity platforms are very secure, but some unintention- ally add unnecessary friction to the user experience," says Clive Bourke, president, Europe, Middle East, Africa and Asia-Pacific, at Daon, which devel- ops and deploys customer onboarding and authentication solutions. "When a company puts out a request for a new customer identity solution, too often the specifications revolve more around secure authentication and less customer engagement or how the customers are registered in the first place." Companies will benefit from a single platform that connects all channels and stages of their customer identity life cycle. Daon has pioneered methods for securely and conveniently combin- ing biometric and identity capabilities across multiple channels. Its IdentityX ® platform orchestrates the creation, authentication and recovery of a user's identity and allows businesses to con- duct transactions seamlessly with any end-customer. With this approach, security and ease of use need no longer be opposing pri- orities. US financial services firm USAA has reported zero evidence of mobile channel fraud while simultaneously achieving the highest net promoter score in banking for the tenth consec- utive year. Atom bank has personalised and streamlined onboarding and authen- tication for its customers, register- ing their face, voice and a PIN when onboarding them and then using the biometrics to authenticate them easily later. "Prioritising security and cus- tomer service is fundamental," says Rana Bhattacharya, chief technology officer at Atom bank, the UK's first bank built exclusively for mobile and the num- ber-one rated UK bank on Trustpilot. "We exist to create better customer outcomes and want to take the worry, frustration and pain of existing pro- cesses away for our customers by offering them the best possible expe- rience when using our products. We're constantly listening to our customers' feedback, which is invaluable to us and we use this feedback to make things better for them." Sumitomo Mitsui Financial Group (SMFG) is monetising these services through Polarify, a joint venture with SMFG, Daon and NTT Data that pro- vides Electronic Know-Your-Customer (e-KYC), or onboarding, and authentica- tion as a service in the Japanese market. "The speed with which the digital market is changing in Japan is phenom- enal and users are demanding friction- less and security in equal measure," says Polarify chief executive Tomohiro Wada. "We now have dozens of cus- tomers doing cross-channel onboard- ing and authentication, which proves the demand for solving this problem." Daon advises companies to start with digital onboarding, allowing customers to open an account on a mobile app or web browser, anytime, anywhere. This can be secured by three-dimensional facial biometrics that detect fraudu- lent presentation attacks, and the user- friendly process completes in minutes. Next, banks should solve authen- tication issues across all channels, including the contact centre, which is often the biggest challenge. By bring- ing voice biometrics and other factors to their customers, they can prevent fraud losses, reduce their average call time by 25 to 45 seconds, con- tain more calls within interactive voice response and deliver markedly better customer experiences, in addition to better security. "The smart companies understand it's about security and a frictionless experience for their customers," says Daon's Bourke. "Now they are focus- ing on orchestrating a consistent onboarding and authentication capa- bility that can be reused across brands to deliver seamless cross-channel user journeys to their customers." For more information please visit www.daon.com T of respondents reported 'high' to 'very high' increases in customer satisfaction benefits as a result of deploying biometrics Goode Intelligence Survey of Global Financial Services Organisations reported a 'very high' increase in their Net Promoter Score as a result of deploying biometrics cost savings from using a well- orchestrated cross-channel onboarding and authentication platform BETTER CUSTOMER ENGAGEMENT INCREASE TO NET PROMOTER SCORE 62 45 $10m % % 80% 59% Verizon 2010 LastPass/Lab42 2018 of hacking-related security breaches are a result of weak or compromised credentials of people use the same password across multiple accounts

Articles in this issue

Links on this page

Archives of this issue

view archives of Raconteur - Future of Authentication 2020