Adaptive authentication represents the cutting-edge of authentication technology, and Intelligent Adaptive Authentication (IAA) sits at the forefront. It allows financial institutions (FIs) to break the balancing act between mitigating fraud and encouraging growth. Fraud mitigation has traditionally been perceived as a trade-off between security and user experience: If FIs tighten their security measures, they will prevent more fraud – but doing so can negatively impact the customer experience and limit growth. Conversely, if FIs focus on growth at the expense of security, that will leave their customers vulnerable to fraud.
Adaptive authentication offers a way for FIs to have their cake and eat it too. By walking through the process and using an infographic and a typical transaction scenario as an example, you can see how Intelligent Adaptive Authentication does more than what is traditionally thought of as adaptive authentication. Using an orchestrated authentication approach, IAA can empower FIs to finally combat fraud while also optimizing the customer experience.
The Adaptive Authentication Workflow: A Six Step Process
To serve as a guide through the adaptive authentication workflow, take this typical banking transaction scenario:
Julie lives and works in Chicago. She has an apartment and a regular routine in which draws petty cash from an ATM at her grocery store. Outside of those regular withdrawals, she spends her money using a combination of credit and debit cards at various locations around the Chicago area. She also has family in the Los Angeles area, so she travels there several times a year and conducts POS transactions as you might expect in such a situation.
Julie’s bank is leveraging Intelligent Adaptive Authentication, so whenever Julie conducts a transaction, the following six steps occur behind the scenes without Julie ever realizing what is truly happening.
Step 1: Behind the Scenes
When Julie makes a transaction, Intelligent Adaptive Authentication technology collects data from whatever device she may be using. For example, if the device is a mobile phone, IAA can determine if the device is jailbroken and assess application integrity. If the device were a laptop or ATM, IAA would search for geolocation, the ATM model, and other contextual data.
Meanwhile, it also collects data on the user’s behavior across digital channels to build an accurate model of the customer. IAA is always collecting behavioral data to better understand Julie’s habits, so that should a transaction deviate from these known patterns, IAA can recognize this deviation and respond. IAA won’t know the amount of money in Julie’s bank account, but it will recognize that she regularly withdraws cash at the grocery store down the street from her apartment.
Steps 2 – 5: Server Side Risk Analytics
2. Next, IAA factors in a collection of other data about the customer and transaction to assemble a more complete picture of the situation. This data can be gathered not only from other OneSpan security solutions but IAA is also able to leverage any third-party fraud tools that the FI already has running in their IT environment.
Typically, financial institutions are already using a wide variety of security solutions to combat fraud. IAA empowers the FI to make the most of their fraud investment by integrating and leveraging their tools on one platform. Through this method, IAA can factor in data from all sources to both build Julie’s user profile and cross reference her transactions against her usual behavior.
3. With all the data surrounding the transaction in hand, IAA uses a combination of machine learning algorithms to identify new fraud schemes, anomalous patterns of activity, or suspicious activity for a single user or group of users.
The machine learning algorithms help IAA to view the larger picture. It analyzes an enormous set of data gathered – not just Julie’s history but every user, every end point, and every channel to which it has access. When working with such a large pool of data, the human eye would be unable to identify any meaningful patters, but IAA can create real-time data models that spot suspicious activity for a single individual or group of users.
Artificial intelligence then takes machine learning one step further by determining which data sets are important for defining the patterns that are useful for this particular scenario. In this case, it is deciding whether Julie’s specific transaction requires additional authentication steps.
Through this process, the combination of machine learning and artificial intelligence will produce a transaction risk score to be used in the next step of the process.
4. With the score determined, IAA leverages predefined fraud rule templates. These templates take Julie’s risk score for her transaction and apply logic on how to handle them. The outcomes of those logic workflows will vary from organization to organization, but generally speaking, the FI will require Julie to complete specific authentication steps depending on the risk associated with her score. Here, those authentication steps are assigned to the transaction but not yet implemented.
5. In step five, IAA implements its step up authentication. With the risk score as a guide, the authentication steps are dynamically applied to the transaction in real time, and Julie may have to take action. One risk score may require her to submit a one-time password (OTP). A higher risk score may require an OTP and fingerprint scan. At this point, Julie is prompted with the appropriate security measure.
However, it’s important to recognize that her transaction may be determined to be within her normal pattern of behavior. In that case, no additional security steps will be initiated. Through this process, IAA only applies friction to the security process when there is cause to do so. Rather, it applies the precise level of friction necessary for each transaction in order to protect against fraud attempts.
Step 6: Client Side Authentication Orchestration
If additional security measures are deemed necessary for this transaction, Julie must take action. She is prompted to authenticate herself in one form or another, and Julie does so. Now authenticated, Julie’s transaction completes as normal, and she can go about her day.
The Transaction from Julie’s Point of View
Julie’s experience with IAA is quite different from what is actually taking place. Steps 1 – 5 of the process occur in real-time and invisible to Julie. She is never made aware of the depth of analysis occurring for each transaction she conducts. Instead, she is only impacted in step 6 when IAA determines the level of risk and propensity for fraud.
Through this process, IAA ensures the best possible experience for Julie on every unique transaction, unlike most fraud tools. At the same time, IAA ensures that any transaction that could potentially be fraudulent is subject to additional security steps to ensure legitimacy.
Benefits of OneSpan’s Intelligent Adaptive Authentication
OneSpan’s Intelligent Adaptive Authentication provides clear benefits to the user experience, however the solution also benefits a wide range of business units in the organization. In the final section of the infographic, we cover how key stakeholders can capitalize on the solution.
- Business Managers: Business managers will enjoy the stark improvement to the customer experience. This, in turn, will contribute to healthy growth for the bank and improved customer retention rates.
- Security and Fraud Professionals: Perhaps the group to benefit most directly will be your security and fraud professionals. OneSpan’s Intelligent Adaptive Authentication solution leverages cutting-edge analytics and machine learning to drastically reduce the risk of fraud.
- Compliance Managers: A centralized rules and management interface allows your compliance managers to meet regulatory requirements while also enabling your organization to more easily adapt to new and changing regulations.
- IT Managers: OneSpan’s ability to seamlessly leverage third-party fraud detection tools provides tremendous flexibility in both the deployment and maintenance of the solution. As needs develop, it is ready to adapt as well. Further, the Intelligent Adaptive Authentication solution is designed with internal developers in mind. One simple API can be used to deploy it on all devices and new authentication methods do not require application code changes.
Download the Intelligent Adaptive Authentication White Paper
Our infographic relays crucial information about adaptive authentication, but it only scratches the surface. Download the white paper, Adaptive Authentication: Superior User Experience and Growth through Intelligent Security today to learn more about the new leader in authentication technology.