ISMG Survey: Adaptive Authentication Tops the List of Authentication Investments for 2019
More breaches, more fraud, and more risks—it is only April and we are already fatigued by the continuous news about the cyber threats facing us. But, what about the other side of this news? What are financial services doing to address these threats?
To answer this question, OneSpan commissioned the Information Security Media Group (ISMG) to conduct a broad survey of financial institutions. Research data on the financial industry’s 2019 authentication strategy and spending reveals that 90% of financial institutions (FIs) lag in their ability to authenticate customers and step-up security in real time.
The report also provides an honest look at challenges in authentication practices and strategies. It highlights the growing tension between improving security, reducing fraud, and enhancing the digital customer experience. The biggest challenges stopping FIs from being able to confidently authenticate customers and step up security include:
- 96% of respondents still rely on legacy processes tied to username/password
- 44% have too many disparate tools, making effective coordination a challenge
- 44% are challenged by fraudsters’ use of legitimate credentials (exposed in data breaches) and social engineering schemes leading to account takeover attempts
At the same time, the good news is only 5% of respondents are seeing a decrease in their authentication budgets for 2019. To solve the challenges they are facing, more than 60% of survey respondents plan to invest in new multi factor authentication (MFA) technologies in 2019. These include solutions that rely on biometrics, AI, and machine learning.
When asked which specific tools they would invest in this year, 40% of respondents answered adaptive authentication ahead of all other authentication technologies. Why? Organizations that have adaptive authentication as an active initiative confirmed it is to reduce fraud (81%) and improve the customer authentication experience (75%).
At its core, adaptive authentication gives FIs the ability to reduce fraud by matching the account actions and associated risk with the right collection of authentication decisions, to help prevent and minimize fraudulent account use. In short, adaptive authentication enables FIs to apply the precise level of security, at the right time for each unique customer interaction. The most advanced type of adaptive authentication solution, Intelligent Adaptive Authentication, accomplishes this through real-time analysis of vast amounts of data (from the user, their device, and the transaction), resulting in a risk score. This score triggers automated authentication workflows that apply the exact level of security required for each transaction.
Why are FIs Running into Obstacles when Improving Authentication?
The ISMG report on “The Future of Adaptive Authentication in the Financial Industry” does more than just lay out the research data. Julie Conroy, Research Director with Aite Group, prefaces the report with an analysis of the survey results.
When asked by ISMG to comment on the biggest obstacles banks face when improving authentication, she explains that, “It’s the bureaucratic practice to get new technology into a bank. It’s going through the justification of the business case. It’s then getting in line for IT resources. It’s going through all the vendor risk management overhead. That used to be a year, and people thought it was painful. But now – especially with the vendor risk management overhead scrutiny – it’s 18 months in most cases. As fast as fraud and the cyber threats are moving, that’s just way too long a period of time to be able to adjust.”
From our viewpoint at OneSpan, there’s also the additional consideration that authentication technologies and solutions are very complex and there’s a myriad of choices out there. Many of these solutions were not designed to work together. Add to that, as Julie says, how much time vendor approval takes; plus the fact that implementation itself takes a long time and getting it all to work together is very challenging.
The other piece of this is the impact on customer experience. If a customer cannot access their funds or complete transactions, a bank or credit union may lose that customer for life. So, there is an understandable concern about how to achieve both security and an excellent customer experience at the same time.
The good news is that as fast as the attack vectors are moving, there are lots of great technologies coming to bear that can help with better authentication. The key is finding a way to help advise institutions to get them deployed in a timely manner.
According to Julie Conroy, “We’re seeing a lot of movement toward various forms of biometrics. As long as the biometric is paired with a strong device identity, which makes it much harder to move, that is something that we continue to see increasing use of. The payment networks in Europe right now are really pushing biometrics. I like the behavioral biometric, which is behind the scenes. And this has the benefit of being transparent to the end user, but giving some good indicators of ‘is this my genuine customer? Is this a fraud?’ There are lots of great results with the application fraud use case in behavioral biometrics where you can understand based on the way the data is being input.”
Why Adaptive Authentication?
Adaptive authentication is not a new concept. But looking at the technology advances of the last few years, they’re mind blowing. You can now look at a transaction and say, “This is an odd time for this person to do a transaction,” or judge the transaction by any number of other metrics. The landscape for authentication has changed, and the number of data points have just exploded.
We all know that consumers are remarkably unforgiving. They vote with their feet and will leave an institution that does not meet their standards. So, new fraud detection solutions allow institutions to reduce false positives and identify fraud in real time, while achieving those mutual goals. That’s where authentication – the adaptive part of it – has really changed. As we integrate large pools of data from other institutions and data sources, it improves financial institutions’ ability to achieve the two goals of reducing fraud and improving the customer authentication experience. That’s why in the next year or two, we’re going to see a turnaround where FIs will start achieving real gains in reducing fraud for their investment.
What to do with the ISMG Survey Results
Talk to the market experts. There are many excellent research firms out there, including Gartner, Aite Group, Forrester, and more. Once you have spoken to them, narrow your search to vendors that focus on bringing together multiple solutions into one single solution that delivers a fantastic user experience.
How OneSpan Can Help
OneSpan can help FIs transition to adaptive authentication quickly and easily. As a Trusted Identity Platform solution, OneSpan’s Intelligent Adaptive Authentication allows organizations to leverage their existing authentication methods, like hardware or software tokens, while layering in additional new methods of authentication, such as one-time password (OTP), fingerprint and facial recognition. Combined with machine learning, risk analytics, and mobile application security, FIs can provide a more positive customer experience while simultaneously reducing fraud.