Identity Authentication Leaps Forward With Mobile Devices
When was the last time you stood in line at a bank? It’s probably been a while.
Instant payments, paperless check deposits and one-touch transfers have made online banking wildly popular with customers. And as virtual banking grows, the threat of fraudulent payments and identity theft rises as well.
Financial transactions have always been a popular target for thieves, although the nature of the threat has changed over time. Mike Groat, partner executive at Daon, a CSC partner that supplies identity assurance software for CSC’s ConfidentID Mobile platform, says it’s more profitable today to conduct financial fraud electronically.
“Financial institutions face a number of threats, and adding online and mobile banking increases the number of potential avenues for thieves,” Groat says. “You have direct assaults on a financial system as well as ‘man-in-the-middle’ attacks that try to get between customers and banks. That is becoming more prevalent with the use of mobile devices.”
Fraud isn’t limited to hackers pounding on a bank’s firewall. Sometimes it’s an inside job, Groat says. “Some of the largest losses come from employees who misuse funds, engage in unauthorized after-hours trading or [make] transactions that don’t follow policy,” he says.
Despite the risks, the popularity of online and mobile banking services (and attendant cost savings for banks) means that financial institutions will continue to develop and extend them, even as the variety and sophistication of cyberattacks grow.
Does mobility equal security?
On the one hand, the use of smartphones and tablets provides more devices for cybercriminals to target with malware and Trojan apps that go after sensitive personal and financial data. Conversely, those very same devices are playing an increasing role in making mobile banking the most secure channel.
Geoffrey Weiss, director of channel solutions for banking and credit services at CSC, says that having a second, independent device involved in a transaction improves fraud deterrence. “For example, while you’re making a money transfer on your computer, this other device that’s not a party to the transaction or ‘out of band’ can verify your action,” Weiss says.
That’s just the start, Weiss says. Smartphones are becoming more capable with each revision, with more processing power and onboard features that can be used to verify a person’s identity with certainty.
“This allows us to verify a person’s identity based on more than one factor,” Weiss adds. “The most secure solution combines several checks. If you put together something you know, like a PIN, something you have like a phone, and physical characteristics like voice recognition, and even where you are, that is the basis for a secure transaction.”
You’re holding the answer
Collecting all those factors in an easy-to-use way makes today’s smartphone the perfect platform for verifying an individual’s identity. Solutions such as CSC’s ConfidentID Mobile use mobile devices to perform identity verification for transactions conducted on that device, or as an additional check for Web-based transactions.
Facial recognition is managed by the onboard camera while the microphone picks up the spoken PIN. The number is verified, as well as the speaker’s voice. Ownership of a device can be confirmed to correspond with an account holder. Location matters, too. Using the built-in GPS receiver, location can be compared to an owner’s address. If you usually circulate around Atlanta but a transaction request is on a mobile device not registered to you and located in, say, eastern Asia, that raises a red flag.
Liveness is another factor that today’s powerful devices can tackle. Every voice has unique speech patterns, tone and timbre that can be analyzed. Your face does, too. Adding a factor of liveness to the mix eliminates the possibility that someone could employ low-tech covert tactics such as a voice recording or a static picture to spoof the system.
There’s more to come, too. Todd Hawkins, CSC’s director of Identity Management Business Initiatives and ConfidentID portfolio manager, anticipates that smart devices will gain the ability to perform more verifications as onboard hardware improves. “Within a generation or two, we’ll have cameras on phones with enough resolution to take a picture of your iris to verify your identity,” Hawkins says.
“We are using mobility to secure the mobile channel, as well as, using the mobile channel to secure more traditional channels like logical, remote and physical access,” he says.
Transparent authentication is the key
Using built-in capabilities such as the camera, microphone and touch-screen is critical to the success of identity authentication for consumer applications such as mobile banking.
Weiss says that any solution aimed at improving the security of financial transactions has to be seamless. It has to be familiar and easy to use,” he says. “That’s the advantage of ConfidentID on a mobile device. Solutions that rely on special hardware you have to add or configure create cost barriers and usability barriers.”
Hawkins agrees. “When you consider how much special hardware it used to require to perform biometric authentication, it’s easy to see why it wasn’t suitable for this type of application. Mobile devices remove many of those barriers.”
That advance, Hawkins says, has laid the foundation for an easy-to-use, multifactor solution for high-risk transactions that requires nothing more than the device you’re holding in the palm of your hand.
“ConfidentID Mobile ensures that you are who you say you are. Beyond a shadow of a doubt.”
Dale Coyner is a writer for CSC’s digital marketing team.
Related Content
- Biometric Authentication: Say Goodbye to Mobile Passwords The co-evolution of online services and mobile devices is driving more demand for fast, easy and affordable authentication.
- How Cell Phones Undermine Enterprise Security