“Sheriffing” the Electronic Frontier: User Authentication
Were Willie Sutton robbing banks today, he probably would be coming in the electronic back door instead of the brick and mortar front door. Just as the online channel is the source of much needed revenue growth and lower costs for institutions, it is equally the land where fraud lives.
Which is to say if the examiners have not been by to talk about your identity and authentication processes, trust us, they’re on the way.
This is the year the Federal Financial Institutions Examination Council (FFIEC) member agencies have directed examiners to formally assess financial institutions under the enhanced expectations outlined in the supplemental guidance on internet banking authentication issued in 2011.
The supplement stressed the need for performing risk assessments, implementing effective layered security strategies for mitigating identified risks and raising customer awareness of potential risks. As you would expect, the FFIEC does not endorse any specific technology for this effort.
As banks carefully consider orchestrating customer activities across an expanding number of channels they interact with clients, including branch, on-line, call-center, and social media, the security needs should be balanced against a cohesive sales-to-service model. Customer expect to interact seamlessly across all channels.
The ideal solution for user authentication will easily integrate into current structures and platforms and scale according to risk in support of the various channels they support. In response to the current environment, the risk methods most financial institutions are focusing on include:
- Device Reputation
- Out-of-Band (token-less)
- Voice Biometrics
- Behavioral Analytics
- Knowledge-Based Authentication (KBA)
The core of all these methods, of course, is identity – and by extension, the core of identity is data. Financial institutions should evaluate solutions based on the combination of technical capabilities as well as completeness in incorporating multiple data assets essential to help fully verify customer identity. A robust data driven solution will incorporate unique and varied assets across the spectrum, including:
- Private financial and non-financial attributes not available in the public domain, such as those obtained from credit data
- Employment and income information, such as provided by employer-provided payroll data
- Non-credit payment information, such as utilities payment information
Your solution needs to be a risk-based authentication platform capable of evaluating remote devices – mobile, PC, Mac – and users – both individuals and small businesses. The network effect across the data assets links the entire lifecycle of an identity to build a high level of assurance and trust. A key capability is the management of policy within the solution or the ability to integrate into an existing authentication engine.
Coping with these threats is not a simple, straightforward task. Rather, it is an enormously complex and constantly evolving responsibility.
At Equifax, we understand the challenges of managing this risk across multiple channels and provide services and consulting to help you deliver comprehensive, robust, practical solutions that keep your customers’ information and your company’s reputation safe.
Recommended For You
A Two-step Authentication Approach Consumers are always on the go, using digital devices to make purchases, check account balances and […]
As an HR professional, it’s your priority to protect employee data. You may not realize it, but responding to employment […]
Meet Credit Union Members Where They Want to Do Business. It takes more than a “smile and a handshake” to […]
From movies like the “Big Short” to today’s history lessons, the Great Recession is well documented. I’ve worked in the […]