Prevent OTP, PIN, Password Frauds and Experience the next generation in Authentication technologies
Cyber fraud and social engineering scams are a persistent problem that continues to thrive. Customer education has not been effective. Challenges include keeping up with new patterns that constantly evolve and take advantage of human fear and greed. In the present password, PIN and OTP system, the weak link is the human element, since these credentials are the knowledge factor, and financial institutions cannot control individuals’ actions.
The scam involves “a psychological manipulation by the criminals of unsuspecting individuals or cyber-attacks into performing actions and divulging confidential information”. Globally, Financially Motivated Social Engineering (“FMSE”) represents a large part of the fraud still experienced by banks and financial services companies, and their customers remain at risk of suffering significant financial losses unless it is addressed.
Limitations of Present systems
Banking is mostly digital these days, and banks are unable to understand a customer’s digital identity. They cannot differentiate between a customer and a fraudster in the digital world. After passwords, PINs and OTPs, there have not been suitable solutions available in the market to address these frauds holistically.
While hard and soft token-based logins are available, these solutions are expensive, hence not viable, and not suitable for multi-device access. If banks add multiple layers of security, they end up impacting user experience, which is equally important: financial institutions would not like to trade off usability for security. In spite of running promotional and awareness campaigns, financial institutions have not been able to stop customers from compromising their information or to change their online behaviour.
If they rely on third-party authentication or other step-up provisions, cost goes up significantly. Given the increasing FMSE trends, regulators are increasingly advising financial institutions to opt out of passwords and opt in to secure authentication solutions.
Why BANKiQ IPAS?
BANKiQ IPAS is the next generation in authentication technologies. It leverages the CIPHER engine and is designed to standardize the use of the mobile phone, which is carried around every day, as the primary means of authentication. The goal of BANKiQ IPAS is to provide high-quality cryptographic assurance that the user authenticating is indeed the user assigned to that account. Solutions built with U2F use authenticators to create a simpler second-factor authentication (2FA) experience.
BANKiQ IPAS would be a merger of the UAF and U2F use cases, addressing both password-less and second-factor experiences and giving users the ability to use bound authenticators and roaming authenticators (for multi-device support). Enterprises deploying BANKiQ IPAS authentication will be able to provide their users with biometric access, which in turn uses bound authenticators and/or roaming authenticators to offer the correct authentication experience, moving away from knowledge factors to ownership and inherence. BANKiQ IPAS would aim to make this transition easy for banks without changing other systems at their end.
Banks may define different access policies for different types of resources, each requiring authenticators that meet a specific security requirement. For example, access to privileged resources may require an authenticator with a higher security characteristic, while normal user resources may require authenticators with a medium security characteristic that are convenience oriented. Banks would need to ensure that users have authenticators with the right assurance levels to access highly sensitive resources, to enable complete replacement of password-based authentication and provide a better user experience.