The interaction authentication imperative
In this fast-evolving age of digital communications, transactions are becoming more straightforward and frictionless – from signing up to insurance policies and booking holidays, to transferring money between bank accounts and attending virtual appointments.
These online interactions make our lives easier. But they also create a larger target for fraudsters. We’re seeing a global surge in cybercrime, with a rise in account takeovers (ATO), phishing, man-in-the-middle attacks, and SIM swap fraud. Across the world, the cost of cybercrime grows 15% each year and, if it continues at this rate, will top $10 trillion USD by 2025.
So, as your business looks to expand the interactions and transactions it enables in the cloud, you’ll need robust measures in place to minimize risk. These should include reliable authentication solutions to be sure end-users really are who they say they are.
Privacy and trust
At the same time, you need to know about ever-changing data protection and privacy rules. The cost of breaking data privacy regulations isn’t limited to potential fines; there’s a far greater and longer-term risk of damaging your brand reputation. It’s important to remember that securing consumer trust is as important as securing consumer data, so you need user-centric authentication solutions that verify identity without gathering information about the user beyond what’s needed.
There’s no security silver bullet, so you’ll need to take a layered approach. But identifying users through their ever-present mobile devices is a great place to start.
Here are three key mobile identity measures that will help you do your bit to protect your customers, your company, and the wider economy from cybercrime.
Step 1: Make sure you have 2FA in place
Two-factor authentication (2FA) is a highly reliable method of user verification. A user just needs to combine something they know, such as their password, with something they have, such as their smartphone, to verify their identity. Most 2FA solutions send users a one-time PIN (OTP), often via SMS, which they use to authenticate a log-in or transaction.
2FA has been a central part of the security landscape for years. But far too many customer interactions still rely solely on passwords as a single line of defence. There are some limitations to 2FA, but it is far superior to a single password. It should be a key part of any business’s security strategy, even if it’s only used as a failover for other authentication solutions, or is mostly used in situations where users need a visible means of authentication to reassure them that they are being protected.
Step 2: Consider 3FA and biometrics
With 2FA in place, you might want to consider going one step further and checking out three-factor authentication, or 3FA. This is a great option for sectors that are more sensitive to fraud or cybercrime and require a higher level of security, for instance banking or finance.
3FA uses identity-confirming credentials from three separate layers of authentication. The third layer usually consists of biometric data from the facial recognition or fingerprint-scanning functionality present in most smartphones. Biometrics works as a bulletproof layer of authentication as it relies on verifiable, recognizable data that is totally unique to the user.
While biometrics is most often used in 3FA, it can also be used to enhance existing 2FA processes. By replacing the OTP element of 2FA with biometric verification, you can increase security, remove friction from the process and improve the user experience without adding a third layer.
Step 3: Layer in complementary solutions
With 2FA or even 3FA in place, you can start to layer in complementary security solutions to meet the needs of your business and your customers. Examples could be:
Silent mobile verification: Silent mobile verification uses data held by a mobile network operator to authenticate the user’s identity in the background in a matter of seconds. As the user doesn’t have to do anything – not even wait for a code to arrive – it minimizes friction in the customer journey.
For example, a retailer might use silent mobile verification at the point of transaction to authenticate the user quickly without risking cart abandonment.
SIM swap checks: A SIM swap check is another friction-free process that happens in the background. It looks up the International Mobile Subscriber Identity (IMSI) number connected to the SIM card to check if it has recently been changed.
For example, a financial services provider using an OTP might use a SIM swap check to make sure they aren’t sending the PIN to a fraudster using a new SIM card with the same mobile number as an account they are trying to hack.
Number masking: Number masking can be used to anonymize a customer’s mobile number when they make a call, so it isn’t visible to a third party.
For example, a ride-sharing service might use it to make sure riders and drivers are comfortable calling one another, safe in the knowledge the other won’t see their contact details.
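The SIM swap check described above, placed in front of SMS OTP delivery, as an added example (not code from the original article or from any vendor's product). The `SimRecord` lookup result, the 72-hour window, the comparison against an IMSI stored at enrollment and the `send_sms` callback are all assumptions made for illustration; the enrollment comparison and the fail-closed handling of a failed lookup go beyond the recency check the article describes.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

# Assumed policy: treat an IMSI change within this window as "recent".
SWAP_WINDOW = timedelta(hours=72)

@dataclass
class SimRecord:
    """Hypothetical result of an operator lookup for one mobile number."""
    imsi: str
    imsi_changed_at: datetime

def sim_swap_risk(enrolled_imsi: str, current: Optional[SimRecord],
                  now: datetime) -> str:
    """Classify the SIM state before an OTP is sent to the number."""
    if current is None:
        return "lookup_failed"      # fail closed: no data, no SMS OTP
    if now - current.imsi_changed_at < SWAP_WINDOW:
        return "recent_swap"        # the check the article describes
    if current.imsi != enrolled_imsi:
        return "imsi_mismatch"      # older swap never re-verified (added rule)
    return "ok"

def deliver_otp(msisdn: str, enrolled_imsi: str, current: Optional[SimRecord],
                now: datetime, send_sms: Callable[[str, str], None]) -> dict:
    """Send a 6-digit OTP only when the SIM check passes."""
    risk = sim_swap_risk(enrolled_imsi, current, now)
    if risk != "ok":
        # Do not send; route the user to another factor instead.
        return {"sent": False, "reason": risk}
    code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, zero-padded
    send_sms(msisdn, code)
    return {"sent": True, "reason": "ok"}

if __name__ == "__main__":
    # Constructed sample data (test-network IMSIs, fictional number).
    now = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
    outbox = []
    swapped = SimRecord("001010000000002", now - timedelta(hours=5))
    print(deliver_otp("+15555550100", "001010000000001", swapped, now,
                      lambda to, code: outbox.append((to, code))))
    print(outbox)  # stays empty: the OTP was withheld
```

After a user passes a stronger check following a legitimate SIM change, the stored enrollment IMSI would be updated so later OTPs are delivered again.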
Be safe in the cloud
The ability to interact and transact in the cloud is game-changing. By combining layers of effective and privacy-compliant mobile identity solutions, you can be sure it’s your customers you are connecting with, not a fraudster looking to game the system. Fraud must be beaten – for the sake of your customers, your company, and the world economy. The good news is you have the tools to do it.