Christy Serrato, Solutions Marketing, Identity Assurance, HID Global
It has been estimated that nearly half of all banking customers now prefer secure online banking services for account access. Along with today’s explosive growth in online banking have come more sophisticated fraud attacks and increased regulatory oversight. As a result, it has become increasingly critical to move end users beyond simple, static passwords to strong, adaptive authentication that ensures accounts can only be accessed by authorized individuals, without intruding on online convenience.
In order to be effective, layered authentication must be implemented as part of a cost-effective security strategy that enables financial institutions to protect users’ online and mobile transactions from anywhere, and from any device, more frequently than ever before.
New Channels Leading to New Threats
According to CEB TowerGroup’s Retail Banking & Cards practice, there are several key trends to monitor in the financial industry. First, rapid new channel growth is forcing financial institutions to effectively manage fraudulent activity across all channels. At the same time, the research firm says that the preferred banking method changed drastically from 2010 to 2011, with customers becoming almost two times as likely to favor internet banking. CEB TowerGroup believes that consistency in security practices and a holistic view of fraud in all channels are essential since customer information can be accessed and transactions performed at multiple points of access.
Another key trend cited by CEB TowerGroup is the need for authentication solutions to adapt to new regulations. The firm has reported that 59 percent of respondents in its authentication survey have been audited for compliance with the 2011 FFIEC supplement regulations, demonstrating solid progress in the past year. However, a third of currently-deployed authentication management solutions have not yet been part of a formal audit, and 8 percent have conducted their own audit internally, but not externally. With respect to the new guidance, 25 percent of respondents raise concerns because they have solutions that do not currently support out-of-band authentication. Finally, with new electronic channels developing, CEB TowerGroup said it believes that financial institutions will depend on strong integration and on a variety of authentication methods to mitigate risk and fraudulent activity.
The Need for Customer Engagement
A key component for effective authentication identified by CEB TowerGroup is Customer Engagement, which the firm defines as those attributes that facilitate the authenticating customer’s comprehension of and successful interaction with the solution. In its retail banking and cards practice technology analysis, CEB TowerGroup awarded HID Global its best-in-class Customer Engagement rating, highlighting that its authentication factors (the broadest in the market) offer experience consistency across service channels and its customer self-service capability delivers intuitive management of credentials.
CEB TowerGroup evaluates Customer Engagement based on three criteria: 1) Initial Authentication, 2) Customer Credential Management, and 3) Credential Recovery. ActivID addresses the first criterion using a 3-step process that includes instantaneously profiling the customer’s computer, connecting with an online service provider that queries ActivID to retrieve Risk Score & DeviceID and Malware Detection Status, and analyzing the risk score and detection status. For Credential Management, ActivID provides an extensive role-based authorization model and audit logs that allow for a thorough trace of access, enabling a customer with the right privileges to access the appropriate assets. The third criterion, Credential Recovery, is delivered using different distribution and recovery processes for different channels. Physical tokens are sent in the mail, while soft credentials are typically downloaded. Customers can also assign and recover locked credentials through a self-service portal.
Other Criteria for Effective Authentication
Beyond user engagement there are other authentication solution criteria. For instance, Gartner Group, in its most recent Magic Quadrant for User Authentication report, said solutions must be evaluated against the industry’s “Nexus of Forces” as information provides the context for delivering enhanced social and mobile experiences from the cloud to users and systems. In the Gartner report, HID Global was highlighted for its broad target system integration and wide range of authentication methods and use cases. The report said that customers who specify HID Global’s products cite its pricing model and total cost of ownership, functionality and expected performance as key decision factors.
Amid these changes, technology providers are seeing and serving accelerating demand for seamless, risk-based solutions that enable banks to tailor authentication choices for a wide variety of customers using these services. A multi-layered approach will enable institutions to conveniently and incrementally add online fraud protection capabilities with secure access to online services and cloud-based applications. We require a unified approach to be delivered via an integrated authentication platform so organizations can easily manage credentials across a broad range of users and device types, while delivering consistent yet convenient protection to combat the latest fraud concerns that financial institutions are facing worldwide. A multi-layered strategy improves security while ensuring that banks can employ risk-appropriate solutions based on the given threat level and customers’ preferences. Additionally, the use of a common platform that supports multiple channels and multiple user communities will also lower the total cost of ownership for multi-layered online banking security solutions.
Customers will only use online banking if they trust it is secure. This requires moving beyond simple passwords to true, multi-factor authentication, which will continue to be increasingly important for online fraud prevention, data security and privacy protection. The combination of Customer Engagement functionality with a multi-layered approach, backed by partnership initiatives that foster deeper collaborative solution development engagements, will enable the industry to meet escalating demand for solutions that protect customers’ security, safety and loyalty as they execute online and mobile banking transactions.