PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

I Wish More Companies Used My Mobile Biometric For Authentication

Tim Sloane by Tim Sloane
October 25, 2018
in Analysts Coverage, Biometrics, Mobile Payments
0
Biometrics Eye Scan

Biometrics Eye Scan

3
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

I decided to review this blog in Finextra that discusses the upcoming dependence of mobile for authentication in three parts, The Problem Setup, The Recommended Cure, and Mercator Quick Analysis. However I’ll telegraph my conclusion, more authenticators need to use the biometrics already available on many mobile devices or consumer adoption will suffer.

The Setup:

“The understanding within the sector of the need for better authentication practices is growing. We can see this reflected in the latest regulations pertaining to fintech and IAM. The Payment Card Industry Data Security Standard (PCI DSS) now requires MFA around applications and infrastructure supporting and processing payment card data. Similarly, new mandates from theNew York Department of Financial Services (NYDFS) require certain covered enterprises to move beyond legacy authentication solutions and implement robust authentication protocols that support MFA and a federated architecture.

The latest milestone in this trend of evolving IAM standards was the release of a report by the National Institute of Standards and Technology (NIST) on Digital Identity Guidelines. NIST’s Special Publication 800-63 wipes away most old password rules and places the burden of securing access in the hands of identity protection technology. For all federal agencies and government suppliers, NIST standards mandate the use of Multi-Factor Authentication (MFA) for privileged access and remote access to the network

In an effort to address today’s risks nearly all standards have recognized that we can no longer secure access to networks with single-factor authentication like simple passwords. ”

The general gist here is 100% accurate – passwords have become useless as a form of protecting an account of any significant value. That said, while I wish more businesses would pay attention to NIST, very few actually do. Government agencies will mandate NIST compliance and this will certainly require authentication solution suppliers to pay attention, those suppliers will also need to align with other approaches.

The Recommended Cure

“What the financial industry needs is a model that can transcend the user experience-security schism, a solution that can offer both seamless access and strong security.

The little known secret is that nearly all employees of financial institutions as well as their clients, already own at least one powerful cryptographic device.

You guessed it: their smartphones.

Personal phones can be leveraged into creating a robust and easy to use, password-less authentication system for nearly any financial institutions. Known as “Bring Your Own Device” or BYOD, the system circumvents all of the security and logistical challenges associated with traditional authentication models. All of this leaves enterprise networks safer–and with substantially lower operating costs.   

The benefits of integrating the BYOD scheme into networks are essentially three fold:

Better user experience – no one needs to be taught how to use their smartphones. Password-less solutions such as push notifications and similar applications can be streamlined into large scale use with relative ease and speed.

Minimizing costs – BYOD means users are already equipped with the necessary hardware. This means no need to invest in expensive devices that are needed for other authentication alternatives such as hardware tokens and biometric sensors. Additionally, companies will save on resources that go to help desk calls as well as the employee downtime and man hours of fixing account lockouts and resetting passwords.

More secured – Tying digital access to a physical device (that users are already carrying around with them) means authentication cannot be attained through credentials alone. Eliminating passwords from the equation means that there is nothing for potential attackers to steel in order to gain illicit access. Furthermore, password-less apps are far better at protecting against hackers’ attempts to intercept communications and impersonate digital identities.

Password-less BYOD is the next big step for the fintech industry. The BYOD approach to authentication is a win win scenario that both supports the authentication needs of the modern financial institution while reducing cost and improving user experience.”

Mercator Quick Analysis

Mercator has written widely on this topic, including a forecast that predicts the decline of passwords as mobile devices take over the role of authenticating the user written in January 2017 and a deep dive into how we expect behavioral biometrics will play an important role in that transition.

Mercator has heard a range of differing opinions on this, most of which focus on the problems associated with a broken, lost or stolen mobile handset. Arguments based on this premise are baseless in that this problem is common for most authentication mechanisms and must be addressed in the deployment plans. Taking into account how the authentication mechanism will be transferred or re-provisioned when a new mobile device is acquired is a core requirement, as is resolving lost/stolen situations. Mercator believes the key attribute that is likely to limit consumer adoption of biometrics is the broad adoption by authenticators (Google, Facebook, LinkedIn, Salesforce, etc.) of just a few mobile authentication solutions and in January 2017 we predicted FIDO might become the most popular implementation standard.

Tags: AuthenticationBiometricsMobile
3
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Mitigation of P2P Fraud Begins with Education

    Mitigation of P2P Fraud Begins with Education

    September 26, 2023
    digital payments

    Mass A2A Payment Adoption in The U.S. Contingent on Compelling USP

    September 25, 2023
    cashless payments mobile

    The Synergy Between Cashless Payments and Seamless Mobile Coverage

    September 22, 2023
    The Power of AI and How its Transforming the Financial Landscape

    The Power of AI and How It’s Transforming the Financial Landscape

    September 21, 2023
    “You’re a Fintech, I’m a Legacy Bank – How Can We Collaborate?”

    Investing in Fintech: Opportunities and Challenges in the Payments Industry

    September 20, 2023
    real-time payments across the globe

    In 2023, Real-Time Payments Expanding Across the Globe

    September 19, 2023
    AI

    AI in EBPP: Small Changes, Huge Impacts

    September 18, 2023
    Amazon

    How Tech Is Changing the Checkout Process

    September 15, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result