Voice of the Industry

2019: The push for orchestrated authentication

Monday 28 January 2019 10:46 CET | Voice of the industry

Julie Conroy from Aite Group explains why many leading FIs are turning to orchestrated authentication to fight fraud

Time is money when it comes to fighting fraud. Organised crime rings, fuelled with billions of compromised data records, are systematically and methodically targeting the financial services value chain with sophisticated card fraud, application fraud, and account takeover attacks. The volume of the attacks continues to increase, since there is little in the way of adverse consequences for the criminals (i.e., jail time).

Another key challenge for financial institution (FI) fraud executives is that even as the threat environment continues to escalate and rapidly evolve, FIs are under intense competitive pressure to make the banking experience easier and frictionless (while regulators in Europe appear to be taking the industry in a different direction, thanks to the second Payment Services Directive’s requirement for Strong Customer Authentication). In the face of these seemingly contradictory mandates, many leading FIs are turning to orchestrated authentication.

What is orchestrated authentication?

Nowadays, authentication is typically a one-size-fits-all activity, with stepped-up authenticators applied universally, regardless of the context of the transaction. For example, any time a retail-banking customer tries to send a person-to-person payment or a commercial customer tries to send a wire over a certain dollar amount, the user must input a one-time password. Orchestration of authentication seeks to better analyse the customer’s usual behaviour patterns as well as the context of the transaction.

With orchestration, the friction of stepped-up authentication is only applied when necessary, that is when the analytics flag that the context of the transaction is unusual behaviour for the customer.

The concept of orchestration can also consider the end user’s preferences in authenticators since this is by no means universal. The ability to tailor the authentication experience to the consumer’s comfort zone is important since this increases the potential that the transaction will be completed, rather than abandoned. An Aite Group survey of consumers in the UK, US, and Singapore shows differing preferences for authentication mechanism by age, by country, and even by the frequency with which the consumer engages in digital commerce. A few examples of these differences can be seen in the figure below:

Only 41% of consumers between 25 and 40 prefer username/ password, compared with 57% of consumers 65 and older.

56% of consumers between ages 18 and 24 prefer the fingerprint biometric, compared with just 39% of consumers 65 and older. This is understandable since fingerprints wear over time and the fingerprint biometric is often difficult to use for seniors.

Younger consumers are more open to facial recognition technologies than older generations.

Figure 1: Consumers’ Preferred Authentication Method by Age

How is orchestration achieved?

While intuitive in concept, orchestration requires advanced analytical capabilities. To achieve the potential of orchestration, FIs need to be able to harness the breadth of their customer data and apply advanced analytics that can effectively understand customers’ behaviour at the individual level, so that the decision of when to insert friction can be accurately taken. To enable consumer choice of authentication mechanism, the bank also must have a flexible range of authenticators available. To that end, many of the FIs on the forefront of this movement are approaching the process in a phased manner and either building or buying the requisite building blocks:

Data lake: Many FIs on this journey are standing up their own bespoke data environment for orchestration (as well as other real-time fraud needs) or streaming the data directly into the risk engine, since data currency is important to effectively analyse the segment-of-one customer behaviour.

Advanced analytical engine: Orchestration requires advanced, machine-learning based models that can baseline behaviour for individual customers, and then understand when their transactional activity deviates from the norm, thus requiring stepped-up authentication.

Authentication hub: In order to provide a range of authentication options to customers, FIs are turning to platform-based authentication hubs that provide a range of authentication options, and make it easier for the FI to swap in new authenticators on an ongoing basis.

A handful of large FIs already have their initial iteration of orchestration in production, and 2019 will see more joining these ranks. Among those leading the way, there is a strong belief that the resulting enhancements to the customer journey will not only improve the bottom line, but will also prove to be a competitive differentiator over time.

This editorial was first published in the Web Fraud Prevention, Identity Verification & Authentication Guide 2018-2019. The Guide covers some of the security challenges encountered in the ecommerce and banking, and financial services ecosystems. Moreover, it provides payment and fraud and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.

About Julie Conroy

Julie Conroy is research director at Aite Group focused on financial crime issues. She has extensive product management experience working with financial institutions, payments processors, and risk management companies, including several years leading the product team at Early Warning Services.

 

 

About Aite Group

Aite Group is a global research and advisory firm delivering comprehensive, actionable advice on business, technology, and regulatory issues and their impact on financial services. With expertise in banking, insurance, wealth management, and capital markets, we partner with our clients, delivering insights to make their businesses smarter and stronger.


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Julie Conroy, Aite Group, authentication, FI, voice recognition, biometrics, authentication hub, fraud prevention, advanced analytics
Categories:
Countries: World