Cloud‑based MFA: The Starting Point for Security, Compliance and User Experience
Banks and businesses are constantly under pressure to keep their data, customers, and employees secure. This has heightened in the last few months, as the global pandemic has seen cybercriminals ramp up activity. The number of phishing websites increasing by 350% since the start of the year, and £16.6 million lost in shopping fraud losses since the beginning of lockdown. Furthermore, with more than 15 billion credentials circulating on the dark web, cybercriminals have everything they need to commit account takeover attacks and other forms of fraud.
So, for banks and financial institutions, it’s more important than ever to have the right security infrastructure in place to prevent such attacks. In addition, they also have to make sure they’re meeting global regulation requirements, as well as matching customer expectations for how they interact with their bank.
Moving to cloud-based multi-factor authentication is one way banks can achieve the holy trinity of security, compliance and customer experience.
The Threat Landscape
You only need to look at the news cycle from this year to see that security incidences and data breaches are on the rise. So far this year we’ve seen prominent data breaches at Twitter, Zoom and Marriott, who suffered their second breach in as many years. With so many people still using the same static passwords as the sole means of authentication across multiple accounts, any data breach of passwords and email addresses can have serious consequences for consumers. At the same time, cybercriminals have been taking advantage of the spike in communications around coronavirus to launch dangerous phishing attacks, luring consumers into downloading malware or sharing personal, high value information. As remote working and banking is set to stay for some time, these trends are likely to intensify.
Given this, it was no surprise to see that phishing remains the preferred method for attackers when it comes to stealing credentials, according to Verizon’s 2020 Data Breach Investigations Report. The report also noticed that attacks are becoming more sophisticated, with organised crime groups seeking skilled professionals and technology to ensure faster monetisation of stolen data.
Moving to the Cloud
One way business leaders and banks can ensure their customers remain secure in light of the growing threat landscape, is adopting cloud based multi-factor authentication. While cloud computing has been on the rise for several years now, for banks and other large enterprises, the default security solution may still be limited, on-premise, authentication technology. Furthermore, the ongoing digital evolution has led to an increase in the number of applications and products, as well as expanded digital channels and the rise of mobile. This in turn has often resulted in a siloed approach to authentication security, putting the burden on IT staff to manage different point solutions.
Cloud-based multi-factor authentication provides a more secure option and ensures banks and businesses can keep customers protected against the growing threats highlighted above, particularly social engineering and phishing attacks. Furthermore, by streamlining the authentication process, banks and businesses can reap the benefits of increased operational efficiency. Cloud-based solutions are also highly flexible, and can support hybrid deployments of both software and hardware authentication technologies.
Compliance
While security has to be a top priority in terms of keeping customers safe and meeting their expectations, regulations are also placing far more importance on security than ever before. By moving to cloud-based multi-factor authentication, companies can achieve PSD2 compliance, and satisfy key criteria such as strong customer authentication (SCA).
SCA requirements are designed to enhance the security of online payments and limit fraud, and require customers to be authenticated by two out of three elements: something the customer knows (PIN, password, security question), something the customer has (a device), and/or something the customer is (biometric data such as fingerprints, or facial recognition).
Dynamic Linking is also an important aspect of compliance. In its most basic form Dynamic linking means that at the time of the transaction, the value of the transaction and the identity of the recipient must be displayed and there must be at least two elements of possession used. It is also important to note that these possession elements must dynamically link the transaction to an amount and a payee specified by the payer when initiating the transaction.
With cloud-based multi-factor authentication, a range of authentication methods can be deployed depending on the situation, allowing businesses and banks to satisfy the requirements.
Opening the Door
By moving away from on-premise solutions into the cloud, banks and businesses can open the door to more comprehensive cloud based solutions such as authentication orchestration and risk analytics. These solutions take advantage of AI and machine learning, to assess the risk level of a transaction based on vast and disparate data, including transaction details, customer behaviour, the integrity of the device and mobile apps, and other contextual data points. This information is then used to determine what level of authentication is required.
In today’s threat landscape, security should be of paramount importance to banks and businesses. Cloud-based multi-factor authentication is a great starting point for streamlining security, while improving the customer experience, lowering operational costs, and meeting strict regulatory requirements. Switching to the cloud also future-proofs businesses, by providing them with a seamless upgrade path to additional security solutions as and when they’re needed.
This article, writer by Mark Crichton, Senior Director of Security Product Management at OneSpan, was first published on DigitalisationWorld.com on January 5, 2021.