Adaptive Authentication – How Precise Security Drives Growth

David Vergara, June 4, 2018
Julie Conroy

When it comes to fraud, financial institutions (FIs) find themselves trying to address competing priorities. On the one hand, the need for strong authentication and security continues to rise. Fraud and hacking attempts become more sophisticated each year, and new laws and regulations require stronger customer authentication security – potentially adding more friction to the customer experience.

However, consumers have no patience for additional security hurdles. Transacting with financial institutions has to be as easy as it is secure. It should be so easy and frictionless that consumers don’t ever think about the security. In fact, studies show that consumers generally don’t think about security until it breaks. When that happens – whether it’s fraud or data breaches – consumers tend to blame the FI. Clearly, security has to be done well in order to create the best possible user experiences, since this will drive growth through improved customer loyalty, retention, and bank services utilization.

The Pressures Shaping Financial Institutions’ Fraud Detection and Authentication Strategies

“Financial institutions are facing pressures that are coming at them from a number of different angles, all of which are shaping their detection and authentication strategies. In addition to the escalating cyber threat environment and changing regulations, there’s the omnipresent pressure for a friction-free customer experience,” says Julie Conroy, banking fraud expert and Research Director for Aite Group’s Retail Banking & Payments practice.

“All of this has a significant impact on FIs. They are walking a tightrope between a security experience that protects the customer and the FI, while at the same time providing a delightful customer experience.”


The Challenges with the Orchestration of Authentication

To make a difficult challenge even more so, financial institutions have been unable to leverage a single, comprehensive solution to mitigate fraud and improve usability for end users. Instead, they have a patchwork quilt of different tools and technologies from different vendors that were never meant to interoperate. This creates tremendous complexity as they license individual tools for fraud detection, biometrics, identity servers, security appliances, and more. From there, they try to tie things together, with frustrating results.

These tools were never intended to be used together, and integration becomes expensive and cumbersome. As new authentication technologies come to market, this situation only grows more complex and creates new pain points for the business. While a boon for consultants, it doesn’t make for more secure and usable systems.

Orchestrating all these different solutions also becomes a challenge, mainly because automation doesn’t usually figure into the best-of-breed solutions or can’t be implemented across multiple vendors easily.

So how do banks simplify the patchwork quilt of legacy technologies that have been acquired over the years – and unify all solutions under a single, integrated platform? And, how do banks pull from all of these disparate third-party data sources in real time, to make smarter decisions and better protect their customers against fraud?

Adaptive Authentication: Superior User Experience and Growth through Intelligent Security

Adaptive Authentication: Superior User Experience and Growth through Intelligent Security

Download this paper and achieve the twin goals of reducing fraud and delighting the customer.

Download Now

How Adaptive Authentication Helps

Adaptive authentication works through an understanding of the consumer’s behavior, the integrity of their devices and mobile apps, and other contextual data points. Though the software may not know the an individual consumer’s current bank balance or the date of their last car payment, it will recognize that Paul regularly transfers $200 to the same account each month from the same mobile phone in Chicago. The data is based on Paul’s activity, rather than static knowledge about his finances and personal life.

Why is this information important? Because, if it now appears that Paul is trying to send $1,000 to a new account from a different device in Paris, this falls outside his usual scope and contextual pattern. As a result, this transaction is more likely to be an attempt at fraud, but people don’t live in boxes. It’s entirely possible that Paul traveled to another city.

Therefore, instead of denying the transaction, the adaptive authentication tool challenges the consumer accordingly. Paul gets conditional access to particular account features, such as larger funds transfers. If Paul can pass the security hurdle and authenticate, he can proceed with his transfer. As Paul’s particular contextual patterns and circumstances evolve, the solution is intelligent enough to recognize these changes and adapt.

As part of this process, adaptive authentication assembles a series of risk scores to evaluate these various situations. But unlike the older, linear scores, it can cover multiple dimensions and circumstances and change moment-to-moment. The adaptive risk score can then become more accurate as it accepts these various third-party inputs. It will become a more reliable indicator of account compromise and potential fraudulent access over time. And because it is based on each consumer’s unique usage patterns, it is very difficult to impersonate.

A large part of this automation process is orchestrating how adaptive authentication will be used and how these assessments will be carried out by the suite of applications that a financial institution ultimately chooses to deploy. The best orchestration technology can examine a wide variety of inputs and combine everything together to make a real-time decision about the precise level of authentication security to apply to each consumer’s unique interaction.

What to Look for in an Adaptive Authentication Solution

OneSpan has just introduced an intelligent Adaptive Authentication solution built on an open, cloud-based architecture. It combines multi-factor authentication (MFA), behavioral analysis, biometrics, risk analytics, and mobile app security technologies with the latest cloud, machine learning, micro-services and container technologies, to drive growth and retention through:

    • Fully optimized user experiences
    • Intelligent, real-time fraud detection
    • Easier compliance

Download our white paper, Adaptive Authentication – Strong User Experience and Growth through Intelligent Security, to see the full adaptive authentication picture from OneSpan.

David Vergara is Director of Security Product Marketing at OneSpan and has over 10 years of experience in the software security space. Prior to OneSpan, he was VP Marketing for Accertify leading go-to-market strategy for their online fraud detection solution.