Using Authentication to Combat Identity Fraud
May 23, 2017
I recently spent 10 lovely days in England and ended up using Apple (News - Alert) Pay just about every day, certainly way more than I use it here in the U.S. The credit card scene is very different in England and Europe and contactless cards are in widespread use, making my chip and PIN credit card a bit of a cumbersome relic requiring a printout and signature for even the smallest purchase. But most merchants accept Apple Pay and I was able to make the same purchase in a matter of seconds instead of minutes.
One of the great features of Apple Pay and Android (News - Alert) Pay is the use of authentication to make a purchase. The apps typically use a fingerprint or pass code to unlock your mobile device, and then encrypt personal information and transaction data related to the credit card or cards you are using and implement tokenization to transmit the transaction. And this is all accomplished in a matter of seconds.
The importance of authentication for confirming identity in financial transactions is evident, but as we move to an increasingly mobile and cloud-based technology world, the power of authentication can’t be underestimated. With mobility, BYOD and the cloud comes accessibility, and businesses need a way to safeguard access to data and information while also enabling and supporting a global base of users. There are various levels of authentication that can provide security, based on the needs of a specific organization.
Single-factor authentication is the base level of confirming a user’s identity, typically through a username and password or a pass code. From there we move to two-factor authentication (2FA), which adds a second layer of authentication, i.e. a credit card and PIN. A fingerprint or other biometric authenticator can also serve well as a second form of authentication. For multi-factor authentication (MFA (News - Alert)), the user is required to provide more than two factors to prove their identity. An additional form of authentication is continuous authentication, which looks at a constant factor like a user’s typing speed, for instance. Continuous authentication relies on a database and sophisticated analytics to measure behavior patterns like typing speed and send up a red flag if something out of the ordinary is taking place.
Authentication is certainly the most common way to combat identity fraud. And as the technology world continues to push the boundaries of mobility and a growing number of devices enter the picture, positively confirming a user’s identity is the first line of defense against fraud. There’s plenty of room for growth and improvement when it comes to authentication, and the space will only become more sophisticated as identity fraud and attacks become more complex.
Article comments powered by