
Why Mobile-Based Password-Free Authentication is the Future for Finance

If today’s fintech sphere relies on one thing, it would be smooth and unfettered digital access.

The fast pace of financial transactions and commercial activity means financial institutions need to give their clients and employees ways of moving funds and authorizing actions in a seamless and reliable way.

When it comes to handling digital access, referred to in the industry as Identity Access Management, or IAM, a schism has always existed between two competing considerations: ease of use and security.

Nowhere is this conflict more pronounced than in the financial sector.

The Security End

With so much at stake, banks and similar institutions need to ensure identities are properly safeguarded. The slew of cyberattacks regularly targeting these organizations (many, if not most, of which are attempts at circumventing authentication measures) demonstrates this all too painfully.

The understanding within the sector of the need for better authentication practices is growing. We can see this reflected in the latest regulations pertaining to fintech and IAM. The Payment Card Industry Data Security Standard (PCI DSS) now requires MFA around applications and infrastructure supporting and processing payment card data. Similarly, new mandates from the New York Department of Financial Services (NYDFS) require certain covered enterprises to move beyond legacy authentication solutions and implement robust authentication protocols that support MFA and a federated architecture.

The latest milestone in this trend of evolving IAM standards was the release of a report by the National Institute of Standards and Technology (NIST) on Digital Identity Guidelines. NIST’s Special Publication 800-63 wipes away most old password rules and places the burden of securing access in the hands of identity protection technology. For all federal agencies and government suppliers, NIST standards mandate the use of Multi-Factor Authentication (MFA) for privileged access and remote access to the network.

In an effort to address today’s risks, nearly all standards have recognized that we can no longer secure access to networks with single-factor authentication such as simple passwords.

The User End

On the other hand, the financial industry cannot be expected to set up too many barriers to user access. Complex and cumbersome access protocols inevitably result in employee downtime due to troubleshooting, high costs in help-desk tickets, and of course clients annoyed at being denied access to their accounts and assets.

Password-less BYOD: the Way of the Future

What the financial industry needs is a model that can transcend the user-experience/security schism: a solution that offers both seamless access and strong security.

The little-known secret is that nearly all employees of financial institutions, as well as their clients, already own at least one powerful cryptographic device.

You guessed it: their smartphones.

Personal phones can be leveraged to create a robust, easy-to-use, password-less authentication system for nearly any financial institution. Known as “Bring Your Own Device” or BYOD, the system circumvents all of the security and logistical challenges associated with traditional authentication models. All of this leaves enterprise networks safer, and with substantially lower operating costs.

The benefits of integrating the BYOD scheme into networks are essentially threefold:

Better user experience - no one needs to be taught how to use their smartphone. Password-less solutions such as push notifications and similar applications can be rolled out to large-scale use with relative ease and speed.

Minimizing costs - BYOD means users are already equipped with the necessary hardware. There is no need to invest in the expensive devices required by other authentication alternatives such as hardware tokens and biometric sensors. Additionally, companies save the resources that go to help-desk calls, as well as the employee downtime and man-hours spent fixing account lockouts and resetting passwords.

More secure – Tying digital access to a physical device (one users are already carrying around with them) means authentication cannot be attained through credentials alone. Eliminating passwords from the equation means there is nothing for potential attackers to steal in order to gain illicit access. Furthermore, password-less apps are far better at protecting against hackers’ attempts to intercept communications and impersonate digital identities.
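The three points above describe a possession-based flow: the phone holds a per-device key enrolled once, the bank stores no password, and each approval is bound to one specific action. The following is an added, constructed example (not code from the original post, and not Secret Double Octopus product code) showing that flow end to end and what happens when an intercepted response is replayed, re-pointed at a different transfer, forged without the enrolled device, or delivered too late. The user name, action strings and 60-second challenge lifetime are assumptions; HMAC stands in for the signature only because it is in the Python standard library, whereas FIDO-style deployments use a public-key signature so the server holds no per-user secret at all.

```python
"""Possession-based, password-less approval of a banking action.

Constructed example. One per-device key is enrolled once on the user's phone;
the server stores no password. Every action gets a fresh random challenge
bound to the exact action text, and the phone's response is accepted once
only, so a response intercepted in transit cannot be replayed or reused for a
different transfer. HMAC stands in for a public-key signature here because it
is in the standard library.
"""
import hashlib
import hmac
import secrets
import time


class PhoneApp:
    """The user's phone: the only place the device key lives."""

    def __init__(self, device_key: bytes):
        self._key = device_key

    def approve(self, challenge: str, action: str) -> str:
        # The response covers the nonce AND the action the user is shown,
        # so it cannot be transplanted onto a different action.
        msg = f"{challenge}|{action}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


class AuthServer:
    """Bank-side verifier. Holds enrolled device keys and live challenges."""

    def __init__(self, ttl_seconds: float = 60.0, clock=time.monotonic):
        self._device_keys: dict[str, bytes] = {}
        self._pending: dict[str, tuple[str, str, float]] = {}
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be exercised offline

    def enroll(self, user: str, device_key: bytes) -> None:
        self._device_keys[user] = device_key

    def issue_challenge(self, user: str, action: str) -> str:
        nonce = secrets.token_hex(16)  # 128-bit random, never reused
        self._pending[nonce] = (user, action, self._clock())
        return nonce

    def verify(self, user: str, challenge: str, action: str, response: str) -> bool:
        entry = self._pending.pop(challenge, None)  # single use: consume first
        if entry is None:
            return False  # unknown, or already consumed (replay)
        exp_user, exp_action, issued_at = entry
        if exp_user != user or exp_action != action:
            return False  # challenge is bound to this user and this action
        if self._clock() - issued_at > self._ttl:
            return False  # stale challenge
        key = self._device_keys.get(user)
        if key is None:
            return False  # no enrolled device for this user
        expected = hmac.new(key, f"{challenge}|{action}".encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def run_scenarios() -> dict[str, bool]:
    """Exercise the flow from the honest side and from an attacker's side."""
    results: dict[str, bool] = {}
    now = [1000.0]  # constructed clock so the expiry case needs no sleeping
    server = AuthServer(ttl_seconds=60.0, clock=lambda: now[0])
    device_key = secrets.token_bytes(32)
    phone = PhoneApp(device_key)
    server.enroll("alice", device_key)  # "alice" is a constructed user
    action = "transfer 100.00 to ACC-12345"  # constructed action text

    # 1. Genuine approval from the enrolled phone.
    ch = server.issue_challenge("alice", action)
    resp = phone.approve(ch, action)
    results["genuine"] = server.verify("alice", ch, action, resp)

    # 2. Replay of the very same intercepted response.
    results["replay"] = server.verify("alice", ch, action, resp)

    # 3. Intercepted response re-pointed at a different transfer.
    ch = server.issue_challenge("alice", action)
    resp = phone.approve(ch, action)
    results["tampered_action"] = server.verify(
        "alice", ch, "transfer 9000.00 to ACC-99999", resp)

    # 4. Someone who knows the username but holds no enrolled device.
    ch = server.issue_challenge("alice", action)
    forged = PhoneApp(secrets.token_bytes(32)).approve(ch, action)
    results["no_device"] = server.verify("alice", ch, action, forged)

    # 5. Honest phone answers after the challenge has outlived its TTL.
    ch = server.issue_challenge("alice", action)
    resp = phone.approve(ch, action)
    now[0] += 61.0
    results["expired"] = server.verify("alice", ch, action, resp)
    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:16s} accepted={accepted}")
```

Only the first scenario is accepted; the other four are rejected because the challenge is consumed on first use, bound to the action text, checked against a time limit, and verifiable only with the key that never leaves the enrolled phone. The server-side check that matters for the "nothing to steal" claim is the last line of `verify`: with a public-key signature in place of the HMAC, the stored value would be a public key and a database breach would yield nothing usable for authentication.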

Password-less BYOD is the next big step for the fintech industry. The BYOD approach to authentication is a win-win scenario that supports the authentication needs of the modern financial institution while reducing cost and improving user experience.

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Comments: (2)

Melvin Haskins - Haston International Limited - 25 October, 2018, 08:37

How does this work in areas with very poor or no signal (Cornwall in SW England being a prime example)? How does it work when my phone battery is dead? How does it work in a different country to where my phone is registered?

Whilst mobile telephony has come a long way in 30 years I find that most people will not trust it for banking, because of the fact that Apple, Google, etc., can ascertain your activities.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune - 25 October, 2018, 15:43

Not sure why Mobile-based authentication is the future of finance. It's an old technology - I wrote about it back in 2013 - Mobile OTP: Cyanide Or Caffeine For Online Payments?. Five years later, I'm fairly convinced that it's closer to cyanide and not caffeine. Mobile is a moving part over which neither the FI, nor the ISP, nor the Customer has any control. It screws up UX and kills conversion.

Raz Rafaeli, CEO, Secret Double Octopus (Tel Aviv)

This post is from a series of posts in the group: Fintech innovation and startups. Disruption, destruction, harmony and creation; Fintech’s new frontier – a place to discuss the cutting edge of innovation.