1 Introduction
Finance industry organizations, eCommerce businesses, and other organizations that interact directly with end-users over the web are increasingly looking for better solutions for authenticating those users. They are challenged by the demand for new, digital offerings, while they must comply with ever-tighening regulations and reduce cost of IT operations as well as of fraud.
However, changing authentication and shifting to better approaches is still challenging for many of these businesses. Password authentication is not only insecure, but it leads to poor consumer experiences and is costly for businesses to maintain. Knowledge-based authentication is an even worse alternative. In order to deter fraud, comply with new regional and industry-specific regulations, and improve the customer experience, organizations are adopting new types of modular authentication services.
Most organizations have IAM products in place already. However, many are finding that their current solutions are not able to meet consumer expectations or security requirements. There are plenty of cases where banks experienced massive cost by fraud, as well banks and other organizations were hit by attacks that exploited weaknesses in authentication and fraud management.
There are a number of motivations driving businesses to enhance their authentication solutions:
- Improve consumer experiences
- Increase security
- Reduce fraud
- Preserve privacy
- Comply with regulations requiring strong or multi-factor authentication, such as AML (Anti-Money Laundering), EU PSD2, KYC (Know Your Customer), and NY CCR (New York cybersecurity law)
Consumer authentication services today are primarily leveraging mobile devices, particularly smartphones. Given the near ubiquity of these devices, it’s not a surprise. Smartphones can serve as a second factor, or the “something you have” factor in Multi-Factor Authentication (MFA) scenarios.
The Regulatory Technical Specifications (RTS) of the Revised Payment Service Directive (PSD2) in the EU requires banks, financial institutions, and other payment service providers to offer strong customer authentication (SCA) and perform user behavioral analysis to authenticate and authorize monetary transactions. Sophisticated Consumer Authentication solutions can provide these necessary functions. Additionally, the improved customer experience possibilities that modern solutions offer will facilitate brand loyalty and give a competitive advantage to those financial companies that deploy it.
Common features of Consumer Authentication solutions include:
- Self-registration for customers, supporting a broad variety of approaches
- Flexible and seamless, non-intrusive customer journeys reducing drop-off rates
- Consent mechanisms for users to control the use of their data
- Single Sign-On (SSO) across all digital properties of the target organization
- Multiple authentications options for customers, depending on risks and policies
- Anti-fraud capabilities, mitigating risks of fraudulent access and transactions
- Flexible application integration
Callsign is a vendor that delivers an integrated solution that covers both the registration and authentication capabilities, and fraud management, while targeting a broad set of regulations including GDPR and PSD2.
