Delfigo Security - Strong Authentication

Strong Authentication

Will Increased Security Make a Difference for Mobile Payments?

"Those with a history in the mobile payments industry know that it has been a slow (and mostly disappointing) journey. But now, reflecting on the current ecosystem forces at play, I believe we find ourselves surrounded by a set of market trends that can finally give mobile payments a viable path to scale," says Alberto Jimenez for TechCrunch. "...Security in payments used to be a hygiene factor, something that you expect but that didn’t create differentiated value. However, after multiple, widely covered sensitive data breaches, security has become a value proposition in itself."

Perhaps users are remaining cautious in light of well-documented, heavily reported breaches of retail environments. Credit card numbers and other sensitive data are captured by bad actors in a number of ways, including phishing, hacking into back-end environments/servers, breaching the network, or skimming (actually copying credit card information from an ATM or the like). With so much in the news, so frequently, security is becoming something users are tuned into - and something that could potentially drive adoption of new mobile payments.

Says Jimenez: "Industry-wide initiatives, such as tokenization, have the potential to significantly increase the level of security and subsequently the general public perception about payments - specifically the kind initiated on mobile devices."


Are Biometrics the Answer to the Password Problem?

The Huffington Post ran this article this week describing various methods of biometric authentication which could be used to offset the risk associated with the username/password paradigm. Each of the methods described has become a technological reality, if not a widely available feature, on the devices users rely on to access secure accounts and communications/content.

Far from theoretical or deeply technical, this article speaks to the notion that users are finally beginning to understand the scope of the risk associated with username/password, and are looking to understand the alternatives that may exist. This goes beyond the simple need to comply with corporate requirements, which are the traditional drivers of adoption of strong(er) passwords and/or second factor authentication.

With biometrics, end user education will be a key ingredient of success since by definition the user is required to leverage something about themselves to achieve the level of security biometric authentication can provide. The widening scope of the discussion around biometrics is a strong indicator that this is occurring.


Google's View of the Future

Last week Google I/O showed us Google's vision for our future.

"Google essentially wants to unify the user experience across all connected devices. That means allowing you to respond to text messages via your watch, order pizza from your TV, control your home from your car, and accomplish it all via a common voice-command interface that remembers your appointments and preferences," says James O'Toole for CNN's Innovation Nation.

Android's ever-expanding platform is offering the kind of connectivity that means a user's identity will not just be their device, but a group of devices, all integrated and working with each other to deliver a seamlessly integrated experience. "It's a shrewd strategy," O'Toole continues. "As Internet-enabled products become more commonplace, we're not going to want to manage a huge variety of accounts. It's more convenient to have a common digital identity that moves with you across devices. The company that provides that single software identity is poised to reap massive rewards."

The notion of a single identity, free of the nuisance of maintaining multiple accounts, is seductive for users even as vulnerabilities continue to be exposed. To protect this broader concept of identity for users, across all of their devices, innovative identity security solutions will need to become part of the vision. These solutions will need to transcend hardware based delivery methods and take a hard look at what a user "is", and what makes them who they are. Biometrics are an obvious choice, as they are driven by the notion of using "something you are" to identify users. Because of this, we will likely see biometrics increase in usage, as they align with the emerging needs related to identity in this vision of the future.


Another Take On Passwords That Are Uniquely "You"

Authentication continues to evolve toward leveraging information about the user, instead of information possessed by the user. "Face Lock" technology is discussed here, and is particularly compelling because successful authentication requires the end user to recognize a face (not a famous person - someone not everyone would recognize) from a group of faces. This is an interesting take on "facial recognition" in that the recognition is done by a human (the user) as opposed to a machine (your computer, using facial recognition software). In this model, the faces could change, and as long as the user could still pick out a face that is familiar to them, the rate of success will still be high.

Bypassing something like this as a fraudster would be a question of pure luck (as long as the selections made by the end user were not obvious enough to be easily socially engineered), and the technology wouldn't require any special hardware. This is compelling because it relies on the human ability to recognize, instead of the ability of the human to be recognized by technology. Innovative methods, like this one, are continuing to broaden the discussion around next-gen authentication.


Are Biometrics the Key to Preventing Fraud in the Call Center?

"The best security is always layered security, and this principle holds true when securing the telephony channel" says Gartner's Aviva Litan on While Ms. Litan's article focuses on the strength of a combination of voice biometrics and device printing to fight fraud in the call center, this article highlights the importance of both a layered strategy and one where the methods are designed for the transaction.

Call center fraud can be especially tough when, as the article cited above states, the perpetrator of the fraud may well have the answers to security questions (through social engineering) as well as account details, and may fail to raise any red flags in their interaction with call center representatives, who are trained to help customers when they call in with a request. In this case, the presence of a voice biometric allows for the perpetrator of fraud to be "flagged" and possibly to be identified if/when they next attempt to commit fraud. This is done passively, an area where the most cutting edge biometric technologies excel - there is no need to inconvenience the customer in order to pull, measure, or flag this potentially extremely valuable information.

In this way, biometric technology races ahead of other authentication methods, which often require the user to "do something" - even if that something is as simple as receiving a text message. By layering security measures that passively collect and measure information, and aligning those methods with specific use cases, organizations can reduce fraud and protect their customers.

