With the breach threat showing no signs of slowing, security companies are rapidly broadening their systems to simultaneously fight identity fraud stemming from clients' consumers and employees.
These providers are using account opening or payment authorization technology to manage employee access, said David Pope, European marketing director with Jumio, an online and mobile credentials provider which joined a number of companies that demoed enhanced security technology at Finovate Europe in London last week.
Pirean, which presented during the show, is doing just that. Pirean is bringing its customer identity technology for things like account opening and payments authentication to the back office with employee and partner identity and access management.
The company, based in Canary Wharf in London, demonstrated its web-delivered IDaaS (identity-as-a-service) technology, which uses Pirean's Access One to provide employees with a single sign-on to corporate networks. Companies can require two factor authentication for certain corporate applications; users input a code that is sent through SMS or can scan a unique QR code.
Merchants, issuers and other payment companies are bolstering security in the wake of a series of large data breaches over the past couple of years. That means access and identity companies stand to pick up plenty of businessglobal spending on identity and access tools should reach $18.3 billion by 2019, according to a new report by MarketsandMarkets.
Jumio has improved its Netverify business product, which allows customers to authenticate themselves by taking an image of their ID and face. The system automatically rotates and crops images held up to a web or mobile camera to recognize the user and boost scan performance, according to Jumio.
Jumio also improved what it calls liveness detection technology" within its Face Match process to detect slight facial movements. This prevents someone from holding a static picture up to the camera. This detector is currently available in the European Union and will be available in the U.S. in March.
Netverify also allows consumer's to skip the hassle of typing out personal information and payment credentials on a small mobile screen.
Avoka, also a Finovate presenter, is another company that's looking to take the friction out of inputting data on a mobile device. The company has developed new technology that allows banks to open accounts and originate credit digitally in less than three minutes by sourcing user information from social media sites and financial aggregators such as Yodlee and CreditSense. For instance, Avoka uses LinkedIns API to pre-fill a customers personal information, such as name, gender and date of birth; for credit origination, Avoka can also pull employment details from LinkedIn.
Other companies are developing authentication systems that are nearly invisible to users.
Encap Security uses mobile identification for financial institutions using smartphone capabilities such as Apples Touch ID fingerprint biometrics scanner. NICE Systems and Trunomi are developing on voice biometrics to authenticate bank customers as they chat with customer service agents.
During the show, Intelligent Environments showed off AppSensor, a machine-learning security software that sits in the companys Interact digital banking platform and alerts financial institutions if it detects an intrusion. There are 23 sensors within the software.
Banks can build rules into the system to automatically close access if a breach is detected, said Simon Cadbury, head of innovation and strategy at Intelligent Environments, adding that could have been useful during the recent Sony attack, in which the hackers were in the entertainment companys network for three months before the breach was discovered.
Machine-learning software could benefit banks on the payments side in that it can determine whether a transaction should be denied or approved better than a solely rules-based system. The security officers at banks tend to have a whole lot of power...and they just lay down the rules, said Clayton Locke, chief technology officer at Intelligent Environments. This sometimes blocks genuine transactions, he said.
Intelligent Environments has about 45 clients mostly in the U.K. and mainland Europe. The company doesn't necessarily plan on selling the AppSensor directly, but instead want the technology to start the conversation about attack-aware software in the industry.