Evaluating Risk-Based Authentication Solutions with Forrester and Frost & Sullivan
As the world’s digital habits change and grow, fraudsters are more than capable of adapting their strategies along with it. In the US, the Federal Bureau of Investigation (FBI) cited data in a recent public service announcement stating, “Studies of US financial data indicate a 50 percent surge in mobile banking since the beginning of 2020.” With this increase in mobile activity, we can expect a correlated increase in mobile fraud.
Widely recognized analyst firm, Frost & Sullivan, released a report that elaborated on the need for more advanced authentication solutions to combat the volume and complexity of modern fraud strategies. They write, “...fraud prevention solutions focused primarily on static data and rule-based analytics to address transaction fraud are inadequate for preventing the sophisticated mechanisms employed by hackers.” Instead, Frost & Sullivan advocates for, “behavioral analytics-based fraud management solutions that can leverage the power of machine learning (ML) and artificial intelligence (AI) to identify threats and assist with timely decision-making for fraud prevention.”
In light of this recommendation, we’ll break down the components of an effective risk-based authentication solution and discuss further insight offered in recent analyst reports by Forrester and Frost & Sullivan.
Components of a Risk-based Authentication Solution
An effective risk-based authentication solution consists of three key components that differentiate it from single-factor or static authentication tools:
- Risk Analytics: By leveraging machine learning, leading risk analytics platforms are able to analyze extremely large sets of disparate data to accurately determine the risk of an individual transaction in real-time. Though the data sets are too large for a human to dissect manually, machine learning can easily identify anomalous patterns and create a risk score that accurately reflects the propensity for fraud.
- Orchestrated Multi-factor Authentication (MFA): With the risk score determined, a risk-based authentication solution can automatically implement an authentication challenge based on the severity of the risk score. A high-risk transaction will trigger a step-up authentication requirement which could be a one-time password, fingerprint scan, or other challenge. Alternatively, a low risk transaction will not require any additional authenticating at all.
- Device and Mobile App Security: The integrity of the mobile device and banking app is critical to an effective RBA solution as more authentication and transaction verification is taking place via mobile. The mobile channel provides a rich data set that is consumed by the risk engine to enhance the accuracy of the risk score. Some examples include whether the device is jailbroken/rooted, geolocation, device ID, and detection of malware. By analyzing this data alongside other user behavior and transaction data across digital channels, the most accurate view of fraud is created. And the use of technologies like application shielding go further, protecting the banking app from the inside-out and ensuring a completely secure mobile experience for bank customers.
Forrester Recommendations for Evaluating RBA Providers
The Q2 2020 Forrester Wave Report for Risk-based Authentication takes a holistic look at the leading providers of risk-based authentication solutions, including OneSpan Intelligent Adaptive Authentication. In the report, Forrester discusses their recommendations evaluating different providers and what to look for when selecting the right solution for your organization.
- Deliver bundled, tested, and productized rule templates: Look for a vendor that can expedite solution implementation. One way to do this is via canned rule templates, which not only will increase the initial accuracy of your risk scores, they will help your team gather results quickly and further optimize the rule set . The solution should also provide transparency as to how and why these rules are triggered across digital channels.
- Utilize customizable predictive fraud models: The statistical algorithms of your risk-based authentication solution determine how the machine learning will identify anomalies in customer behavior. Choose a vendor that ensures the transparency of these algorithms and allows your team to refine them without extensive. Long term professional services engagements.
- Provide authentication policies and user self-service: Make sure the solution does more than merely risk analytics. It should provide each of the components listed in the section above. Granular policies that determine when to ramp up additional authentication requirements are shown to improve security while also ensuring a positive customer experience. In this way, the solution can apply the precise amount of security required for each unique transaction — no more, no less.
- Offer fully integrated fraud data feeds across users, devices, and channels: To generate the most accurate risk score possible, the solution must be able to consume and analyze as much user, device, and transaction data as possible across digital channels. This ensures your solution can leverage all the data it needs, and the improved scoring accuracy will drive down false positives which reduces friction and boosts the user experience.
Frost & Sullivan’s Assessment of OneSpan and the RBA Market
Frost & Sullivan alongside their analysis of the fraud landscape and advocacy for risk-based authentication solutions awarded OneSpan the 2020 Best Practices Award. This award names OneSpan the 2020 Global Digital Identity and Risk-based Authentication Platform Company of the Year. In the accompanying report, Frost & Sullivan identifies what makes Intelligent Adaptive Authentication a strong solution and what earned OneSpan a leading position in the market.
The report discusses key facets of Intelligent Adaptive Authentication that align with Forrester’s recommendations for evaluation risk-based authentication solutions, including:
Game Changing Digital Identity and Risk-based Authentication Technology
“OneSpan equipped its Intelligent Adaptive Authentication solution with sophisticated machine learning (ML) capabilities that drastically reduce the number of false positives and false negatives as demonstrated by competing technologies. Subsequently, the solution decreases credential prompts for an authorized user’s low-risk transactions and prevents account takeovers by deploying risk-based analytics to hinder hackers from accessing PII and committing fraud.”
Impressive Partnerships and Customer-centric Design
“The company’s close collaboration with its partners, combined with the Trusted Identity Platform’s API, allows OneSpan to ensure its solutions remain compatible with third-party systems, platforms, and apps, creating a seamless deployment and integration process for clients.”
Evaluating Your Needs and Key Providers
The widespread shutdowns and shelter-in-place orders have accelerated the future. Mobile banking activity has been on the rise for some time, but without other options, many individuals have turned to banking apps to meet their needs. In this environment, it is essential that our financial institutions embrace advances in risk-based authentication to help combat the rising sophistication of fraud schemes and strategies.
When evaluating which risk-based authentication solution is right for your organization, recognize that the unique needs of your organization will be the greatest determining factor in your selection. Forrester provides a helpful baseline, but not every feature or requirement may be relevant for you. A provider that excels in key areas may be a stronger fit for your organization than one who claims capabilities in every area. Above all else, vendors with the most industry
experience, specialized support across geographies, and essential feature/functionality to address your specific requirements are best suited to effectively address business issues and meet expectations.