Breaches have broken the authentication model

Register now

In the wake of unprecedented security breaches that now affect more than half of all adults in the U.S., financial institutions and issuers are rushing to add additional screening and security to identify customers.

This year’s breaches have netted hackers the whole gamut of personal information including social security numbers, motor vehicle licenses, names, addresses, tax information, passwords, credentials and more. In short, it represents every piece of information that's used to identify customers. With the amount of personal information that has been stolen this year, it is almost impossible to come up with additional screening questions that can’t be answered by hackers.

The financial services and card issuing industries could be in the same position as the airlines, which require passengers to take off their shoes, get scanned, show ID, open their suitcases for inspection and more, not only to identify themselves, but their belongings.
It has become an arduous task for both consumers and those that must review everyone going through the gate. Financial services is facing the same type of crisis and will be forcing consumers to provide extra information and proof of their identities. That puts the easy user experience to perform daily banking in jeopardy.

In the meantime, customers have put their credit freezes in place as one way to deal with this crisis. While experts agree that is a one step for consumers to take, they also agree it provides limited protection. It does nothing for existing accounts which can now be taken over by hackers who have background, credentials and passwords to commit fraudulent money transfers and more. Consumers are only going to catch onto after they get their statement or check their balances. The financial institutions will be no wiser if a hacker presents all the right information.

The real answer to this dilemma is to change the authentication framework altogether with new technologies that employ passive biometrics and behavioral analytics. These new technologies serve as the inflection point and are part of any essential multi-layered solution for identifying customers by their behavior instead of through personal information.

This framework puts the emphasis on customer behavior like the way they hold their devices, how hard they press keys, how they navigate sites and hundreds of other behavioral points that can be analyzed in real time to identify true customers. These technologies add a deep level of trust around whether or not it is the correct human authenticating into a secured environment. These factors are virtually impossible for a non-human interface to replicate.

This approach can block fraudulent transactions even if hackers steal consumer devices, identity, password or credentials. It is also a methodology that is able to cut down on fraud while ensuring the consumer experience.

Financial institutions should implement a multi-layer authentication and security framework that incorporates passive biometrics and behavioral analytics combined with the contextual data used in applications, logins and solutions to be able to securely identify individuals and render single forms of identification like passwords, social security numbers and more, useless information for hackers to steal and use.

For reprint and licensing requests for this article, click here.
Data breaches Retailers Digital payments Banking ISO and agent