ATLANTA – A recent study by Celent, an analyst firm focused on the use of information technology in the financial services industry, examines the evolving demands of customer identity management and authentication systems. Outlining the key drivers of change, namely customer expectations, technology and standards, and regulations, the study looks into approaches that allow banks to balance the customer’s desire for a frictionless experience with strong security.
Entitled Convenience, Security, Or Both? Setting Out a Vision For Authentication, the study breaks down problems and solutions in a variety of approaches to identity management and authentication. The report asserts that authentication is fundamental to banking and payments, and cites words attributed to Ross Anderson, a professor in security engineering at the University of Cambridge, U.K., “If you solve for authentication, everything else is just accounting.” Passwords are simply no longer enough to ensure fraud prevention, especially in an era of increasingly expanding digital lifestyles, and so the report points to a multi-factor approach to authentication as a best practice.
While authentication is not a new challenge, the landscape around it has become infinitely more complex. With the advance of regulatory changes, customer expectations, and technology, banks have been forced to place renewed emphasis on this area. Convenience, Security, Or Both? Setting Out a Vision For Authentication, suggests that banks, when selecting a vendor, should ask what is their vision for the future of authentication, and how their offerings map to the security policies and legacy security systems of financial institutions of their own institution.
In examining the authentication techniques currently used in the market, the Celent study discusses the role of data analytics in banks rethinking their authentication capabilities. It points to LexisNexis Risk Solutions dynamic Knowledge Based Authentication as an example of an effective approach, wherein data analytics maps out customer behavior patterns based on a customer’s digital footprint, and automatically generates and poses a series of questions based on basic personality information that only those specific individuals should be able to answer. Analytics are used to determine questions to present, and in which order. This dynamic KBA evolves out of static KBA, for which customers choose security questions and fill in their answers for later use in identity authentication.
Notes Kimberly Sutherland, senior director, Fraud Management, LexisNexis Risk Solutions, “In designing an authentication process, two seemingly contradictory poles exist: using a solution that’s completely secure but horrible for customers to navigate, and a solution that’s frictionless, but leaves massive holes fraudsters can easily penetrate. Alternatives are available to these two extremes. With a multi-layered, analytics-driven approach, a security system can be strong, while offering risk appropriate authentication options to customers.”
Adds Chris Pinion, manager, Fraud Solutions Consultants, LexisNexis Risk Solutions, “Deploying multi-factor authentication layers based on a combination of what one knows, possesses or a unique physical attribute is particularly effective, in that the rightful account holder can easily pass through each gateway, but only that person would have the requisite knowledge. This approach eliminates or greatly reduces the tradeoff between security and convenience.”
About LexisNexis Risk Solutions
LexisNexis Risk Solutions harnesses the power of data and advanced analytics to provide insights that help businesses and governmental entities reduce risk and improve decisions to benefit people around the globe. We provide data and technology solutions for a wide range of industries including insurance, financial services, healthcare and government. Headquartered in metro Atlanta, Georgia, we have offices throughout the world and are part of RELX (LSE: REL/NYSE: RELX), a global provider of information and analytics for professional and business customers. For more information, please visit www.risk.lexisnexis.com and www.relx.com.