OneSpan and ForgeRock Demo

Video Transcript

During this video we will show the combined value of OneSpan’s award-winning Intelligent Adaptive Authentication and Risk Analytics technologies and ForgeRock’s proven Access Management Platform.  

These solutions help financial institutions prevent fraud and streamline authentication workflows.

Today we will demonstrate how these solutions work in a real-life scenario.

To show the customer journey, we have created a fictitious bank called ‘MyBank’. All of the authentication and transaction flows are configured through the OneSpan Risk Analytics presentation service and the ForgeRock administration portal, which we will show later.

Now, let’s get started.

We start with a brand new customer who wants to open a new account. They navigate to the MyBank website which enables new or existing retail banking customers to open a new account, login, or perform a banking transaction.

The customer clicks New Account and fills in their information.

Every component in this sign-up form is configurable through ForgeRock. In this example, the sign-up form appears as a pop-up.

As the customer fills out the information, OneSpan’s Intelligent Adaptive Authentication service gathers details about the browser and the transaction to evaluate the trust level of the browser.

For this demonstration we have created a simplistic user sign-up process which focuses on registering a trusted mobile device and trusted browser. A full account opening scenario would also include an identity verification component at this stage.

Once the customer has proven they are who they say they are through identity verification, they move on to activate and register their mobile device.

MyBank asks the customer to download a mobile application from their mobile app store. This application is called a Mobile Authenticator and is used to respond to dynamic authentication requests and transaction needs. The example MyBank app is similar to the mobile authentication apps many banks use today.

Once the app has been installed on the users phone, the user is asked to scan the Color QR or CRONTO code using the app. This starts the device registration process.

The customer scans the color QR code in an instant. This provides security information from the bank’s back end to the customers mobile.

OneSpan Mobile Security Suite, embedded in the application, scans the mobile device to ensure it is secure.

The user is then asked to create a PIN code. The PIN code will be used when the customer needs to authenticate themselves on login to their account. Financial institutions can also configure this stage to require the new account owner to register a facial biometric or fingerprint biometric. The full range of OneSpan’s biometric authentication capabilities are all configurable inside ForgeRock.

The customer is registered and securely activated and can now use their account.

Many banks offer their users multiple services and accounts, which often require multiple logins. ForgeRock’s Access Management platform helps banks avoid this by providing a simple and powerful single sign on mechanism.

After the first login, the customer has had their browser scanned by OneSpan Risk Analytics and it has allowed ForgeRock’s single sign on mechanism to remember the browser the user is using to access the site. The user will no longer be interrupted to perform a login unless they move to a new browser, or unless the OneSpan Risk Analytics detects that something has changed in the browser environment.

The user now has access to their accounts.

Login and onboarding are not the only stage where the customer may need to authenticate themselves.

Additional authentication may be required when the user is paying a bill, doing a wire transfer or managing sensitive account information.

The user clicks on the transactions tab to transfer some money. This triggers a risk evaluation through the OneSpan Risk engine.

Risk Analytics checks the risk and determines a score. Based on the score, the user may be asked to re-authenticate themselves.

The user is sent a push notification with a request to authenticate the transaction using their previously registered facial biometric. They take a selfie using the Mobile Authenticator app to authenticate the transaction.  

OneSpan also offer additional types of biometrics including fingerprint biometrics, which can be configured through ForgeRock.

In the next part of the demo we will show you the ForgeRock environment.

You have just seen how OneSpan’s Intelligent Adaptive Authentication and Risk Analytics technologies, combined with ForgeRock Access Manager, can be used by financial institutions to authenticate users accessing and managing their account.  

All of the scenarios you have seen can easily be configured in the ForgeRock platform via intuitive drag & drop workflows. ForgeRock uses the term authentication trees to refer to these workflows.

Within the user registration tree, there are a number of drag and drop components, referred to as nodes.

These nodes can be configured to a bank’s individual requirements. If, for example, a financial institution wanted to include a social login from Facebook as part of the customer registration process, the bank could simply drag and drop the social login node on to the canvas, and ForgeRock would dynamically change the interface. Now, when a user arrives on the registration page, the first thing they’re asked is if they want to login with Facebook.

You can view all the OneSpan nodes available by typing “OneSpan” into the node list search function. These nodes are all included in the OneSpan ForgeRock package located in ForgeRock’s backstage web portal.

These components can be dragged in from the node list and made to create any specific workflow or to enhance any current workflow.

Finally, let’s see how all of the risk rules are defined and leveraged within OneSpan’s Risk Analytics Presentation Service.

OneSpan Risk Analytics provides preconfigured rule-sets that can be used by banks to quickly get up and running to meet regulatory requirements and prevent fraud and account takeover attacks. These rule sets can be enabled and disabled instantly, and new rules can be added as needed.

OneSpan Risk Analytics uses artificial intelligence and machine learning to help banks identify new and changing risk profiles in real-time.

Using Risk Analytics, fraud and risk intelligence teams can analyze transactions in real-time or in near-time to help investigate transactions and quickly adjust for new risk challenges.

Thank you for watching this video on how to simplify authentication workflows using drag-and-drop capabilities and dramatically improve fraud management results with OneSpan and ForgeRock.