It’s no longer news that using the mobile device as a second factor of authentication is very effective. But what if you could go even further?
What if the mobile device could function as a multifactor authenticator, both for in-mobile and off-mobile interactions? What would happen if you took the convenience of the mobile phone and added to it the security of strong authentication and out-of-band push technology? Sheer magic, that’s what.
The world isn’t going mobile. It’s already there. Being “mobile first” is no longer a competitive advantage – it’s a given. Your organization has probably already taken steps to align itself with this new status quo. Adopting mobile makes it easier to reach the end-user and improves their experience. And this user experience – more specifically, causing the user as little friction as possible – has traditionally been the first priority in designing a digital service. When it comes to banking and financial services, however, the situation is a little different. When asked in IBM Security’s recent Future of Identity study about what they value most in a banking app, seven times more respondents chose security (76%) than convenience (11%). Similarly, research by RSA found that 93% of digital users in the US want to be involved in choosing how their accounts are protected online, even if this causes additional friction.
Users don’t want to be burdened with multiple clumsy authentication processes, but they do like the power of giving permission to complete or cancel an action or transaction. Offering two independent, out-of-band authentication factors on a single mobile device is the golden mean. A real-time response to an out-of-band push notification from the bank or financial service provider is quick and painless for the user to deal with, but this simple moment of intelligent friction assures them that they have final control on what happens to their money.
On a secure footing
Trust is the foundation of your relationship with your digital customers, and authentication interactions like these help to build trust. This, in turn, leads to more transactions and more user take-up of other digital services, which ultimately leads to greater revenue for your organization. Strong and transparent mobile authentication is not just about letting the right people and devices in, and keeping the wrong ones out. It’s about establishing trust between you and your end-users.
And this is where converged authentication comes in. At Entersekt, we like to use the term converged authentication to refer to the funneling together of all the channels and experiences you want to offer, all to a single authentication point. With a trusted device in the user’s hand and a secure channel in place between that device and your servers, there’s no limit to the innovative functionalities you can offer. Trusted document signing; inventive reward schemes; controlled access to sensitive data records. Your brand gains visibility by being present in each and every digital interaction.
Users can gain access to their Internet banking using not a password but a single touch to the fingerprint reader on their device. eCommerce is simplified and secured, with the shopper simply receiving a prompt to authorize an online purchase originating from their trusted mobile device. Even traditional call centers can be enhanced to offer a secure and more robust user experience: with mobile multi-factor authentication, the user isn’t vulnerable to vishing (voice phishing) of their sensitive information. There is also no need to make use of knowledge-based authentication, which takes time and effort and is not suited to high-security use cases, to confirm the user’s identity. A quick tap to approve an authentication push notification is all it takes to access their account.
The new digital world we live in requires that you put your brand experience right in your user’s hands. Banks and other service providers globally are investing heavily in mobile platforms, but if your users perceive your brand experience as insecure or clumsy, they can – and will – move on to something better. In an increasingly competitive space, a trust relationship is the best assurance that your customer will remain loyal.
About the author
Niel Bester is SVP Products at Entersekt. Entersekt is an innovator in push-based authentication and app security. The company’s one-of-a-kind approach harnesses the power of digital certificate technology with the convenience of mobile phones to provide financial services companies and their customers with full protection from online fraud.