New World Authentication Solution
Despite the loss of the desktop and the use of a phone as a second factor, a host of new information is available in the mobile environment. Modern phones track the wifi and wireless networks they are accessing, the location of the device, the number of attempts to access the on-screen password, the use of the SD card, what applications are on the device, what websites have been visited, and what calls have been placed — just to name a handful of examples.
While scary to think about, consider what each of these elements could be telling your application about the incoming access request. Did this device just turn off the wireless radio and access the SD card to load an unknown application before attempting to log in using stored credentials? Has the user just downloaded data from questionable sites? Did a blast of international text messages go back and forth from a phone number never previously contacted?
If a banking application is installed, a large amount of anonymous data about the device usage can be fed back into behavior models to determine the likelihood that request is from the authorized user.
Instead of relying solely on the riskiness of the request to financial institution can now leverage software to model the risk of the device making the request as well. Some sets of actions might result in a risk assessment so poor the only course is to uninstall the app entirely and request the user call in immediately. Other options are grayer, requiring a more cumbersome identity check than just a password. By telling consumers that they have engaged in unusual activity vs. making them go through an interactive voice response process every time they want to do a large dollar action, banks only impact usability when they must. This approach will go far in relieving the fears associated with our usability concerns while still mitigating password-only protection schemes.
Seem like a reliable approach? Want to find out more, reach out to an Equifax representative at your earliest convenience to find out more about how we are tackling this growing security challenge.
This post was contributed by: