Securing transactions by matching a user to his or her mobile device has existed for some time, but two major trends connected to payments will likely bring that technology to the forefront, according to InAuth CEO Lisa Stanton.
The mobile security company hopes the fraud migration to digital transactions such as mobile payments expected to accompany the U.S. EMV migration, and the move to allow larger transactions on m-commerce apps, will draw more attention to securing users' devices.
"The introduction of chip-and-PIN and chip-and-signature transactions has everyone worried about fraud migrating to digital channels, and using the device to help mitigate that increase is a really hot topic right now," said Stanton, who joined InAuth in December after a stint as president of the Americas for Monitise.
The company has placed its device ID technology on about 70 million devices in the 18 months since its release, uptake it hopes will increase via the EMV migration. It plans to expand deeper into international markets to support m-commerce merchants that are increasingly accepting cross-border payments.
Traditionally called "device fingerprinting" the technology uses a web connected device, such as a smartphone or a PC, to authenticate the user. InAuth's technology includes InMobile, which creates a permanent device ID that cannot be wiped from the device. The company also sells other technology that shields browsing and creates rules-driven fraud identity scanning and analytics.
"Somebody can use a tablet, which we just scanned for malware, to access mobile banking or do an m-commerce transaction with significantly reduced authentication," Stanton said.
The uses include identifying the user, as well as scaling identity risk, which can impact user experience if a consumer is asked to take more steps to execute a relatively small purchase, Stanton said. The idea is to allow larger mobile transactions with less authentication, he added.
"When we talk to the large m-commerce players, they don't talk about fraud, they talk about 'step up' authentication," Stanton said. "It's all about creating confidence in how the device is used."
The trends Stanton discussed do enhance the market for device-centered security, said Avivah Litan, a vice president and security expert at Gartner.
"All of the financial institutions are under pressure to put full functionality on mobile apps," Litan said, adding the growth of mobile app businesses such as Uber and Airbnb are enhancing the trend toward more financial transactions executed on mobile devices. "A lot of the old technology that works for the browser doesn't work for the mobile device."
The technology can also prove helpful in preventing unauthorized use of a consumer's account, because the account and the device's identity have to match a specific person, Litan said.
"It's important to know that the user's device hasn't been hijacked," said Litan, adding device ID should work in concert with other authentication to provide an added shield. "You have to do more than just identify the device."