Intelligent Authentication Using Data Analytics
Financial institutions are using more sophisticated techniques to ensure security and improve the user experience.
- By James E. Powell
- August 18, 2016
Financial institutions have implemented a wide range of authentication methods, but now they must unify them to give the customer a better (and more consistent) log in experience. What big data and analytics techniques are helping meet modern authentication challenges? We asked Rivka Gewirtz Little, director of fraud product marketing at NICE Actimize, which specializes in fraud and cybercrime management solutions. Previously, Ms. Little spent 15 years as a technology journalist and analyst covering mobile payments, emerging money service business models, and telcos.
What is the value of analyzing data from across every financial institution channel (digital, mobile, call center)?
Today many financial institutions implement separate and siloed authentication methods in each channel. This results in an inconsistent customer experience. A bank's customer might log in to the online channel from an unusual location and pass through a stringent authentication challenge only to be stopped hours later for the same issue in the mobile channel.
Cross-channel authentication analytics allow financial institutions to take a holistic view of the customer and their authentication history across the enterprise. With this cross-channel view, banks can make context-aware, risk-based decisions to leverage the appropriate authentication method in each channel, optimizing the customer experience without compromising security.
What are some of the disruptive authentication technologies institutions are investing in?
We've seen financial institutions implement a wide range of exciting authentication methods, including voice, fingerprint, iris, facial, and behavior biometrics.
These methods are generally supported with other forms of passive or active authentication. It's increasingly common for financial institutions to run device ID analytics in conjunction with biometrics, for example. In some scenarios, cutting-edge authentication methods are also paired with more traditional solutions, such as passwords or soft tokens.
The downside of all this innovation is that some financial institutions are implementing overlapping authentication methods, which aren't managed in the same context. For example, we know some institutions have implemented multiple biometrics authentication solutions, all producing separate alerts across the channels with very little shared context.
That's when innovation becomes a challenge. The answer is to support these authentication methods with context-aware, risk-based analytics and real-time decisions. This way, financial institutions can make instant decisions about which authentication method to leverage based on the risk of the user and the event.
This kind of real-time decision making is also helpful with newer authentication methods that sometimes falter. For example, we know there have been issues with facial biometrics solutions that fail in environments with poor lighting. In this case, a risk-based analytics engine could immediately choose the next appropriate authentication method, weighing customer risk and customer convenience.
How do big data and analytics prevent unnecessary authentication challenges and keep fraudsters out?
Big data environments allow financial institutions to maintain a deeper transactional and authentication history for a richer view of customer behavior, which inevitably lends itself to better analytics for anomaly detection and real-time authentication decisions.
Also, big data environments enable financial institutions to consider a wider range of data types. As an example, where today many banks deal with card and digital channel authentication and transactions in separate contexts, in a big data environment they'll be able to make decisions on aggregated data.
What behaviors are being analyzed that could lead to changing the method of security during a transaction?
One of the most important benefits of using real-time authentication analytics is the ability to challenge customers both at log in and throughout a session.
This means that financial institutions can, for example, leverage a simple authentication method at log in for less risky events, such as checking a balance. However, if the consumer then decides to initiate a transaction, the analytics can make a quick mid-session decision to leverage a more stringent authentication method in real time.
Ultimately, this improves both customer experience and security, enabling the simplest challenges for lower risk events while leveraging tougher challenges for greater risk.
What will financial institutions be doing regarding authentication in a year, a couple of years, maybe even five years out?
One thing is for sure, banks will continue to try out new authentication methods and they'll use context-aware, real-time analytics and decisions to manage this complex ecosystem. This kind of intelligent authentication management will allow them to try (and optimize) many new methods. Essentially, risk-based analytics will be their safety net in a world of innovation.
Beyond that, I think we'll see an expanded use of device binding at the heart of authentication strategies. Financial institutions will leverage analytics that take into account rich device data, as well as the relationship between a consumer and their device, in order to make real-time identity and access decisions.
I also believe we'll see a rise in the use of wearable devices with behavior biometrics as part of the authentication ecosystem. Consumers will fluidly authenticate using wearable devices that depend on heartbeat or behavior biometrics to confirm their identity.
I am a strong believer in voice biometrics in the contact center and beyond. We'll see contact centers use voice biometrics to authenticate customers with zero friction -- but we will also see device-based voice biometrics that will allow access through mobile apps. Finally, we will see the use of voice biometrics in interactive applications such as Amazon Echo.
Is there new technology on the horizon that is not in use now but likely will be in the near future?
I believe there will be a role for block chain technology in identity management and authentication. Using block chain technology, financial institutions will create digital IDs for users that can be used for every online and mobile transaction. However, we are in the early stages of this development, with a number of hurdles to overcome, including data privacy in distributed ledger.
How are financial institutions bowing to customer authentication preferences and how does analytics play into customer service?
Customers who use fintech services, such as Venmo, have become accustomed to simple, frictionless authentication, and they often expect the same treatment from their traditional banks.
Financial institutions can finally provide customer choice in authentication by using risk-based authentication management analytics. With nuanced analytics and real-time decisions, banks will be able to write policies that offer their consumers the authentication method of their choice -- but with the ability to pull back and pose tougher challenges for riskier events or behavior.
It's also important to remember that not all customers choose simple authentication. With fear of data breaches, some customers welcome more stringent authentication. It's important to offer those options as well.
How are behavior analytics different depending on which authentication option a customer selects?
Regardless of authentication type, behavior analytics seeks anomalies in historic actions across channels. These analytics consider how often the user has failed or authenticated in the past.
Depending on the authentication method, analytics will consider some different elements. For example, in mobile channel authentication it's common to analyze the user, their device, and the historic relationship between the user and their device. Meanwhile, in the contact center there would be a consideration of automatic number identification (ANI) related to an authentication. (In a telco network, ANI automatically determines the telephone number from which a call is placed.)
Intelligent authentication management allows for the nuances of each channel and authentication method to be considered.
James E. Powell is the editorial director of TDWI, including the Business Intelligence Journal and Upside newsletter.