Multi-factor Authentication: The Cloud MFA Market is Mature, But Constantly Evolving
Every day brings new reports of cyberattacks and data breaches, many of which could have been prevented through multi-factor authentication (MFA). In 2017, financial institutions (FIs) lost $16.8 billion to cybercrime and experienced $5.1 billion in account takeover losses. Will it ever get better? The simple answer is no. Breaches will continue to fuel financial fraud, account takeover, and new account fraud. Combined with poor password hygiene, fraud growth will continue to rise. Today, no password is safe.
At the same time, FIs still need to grow top-line revenue, minimize fraud, and simplify the user experience. As they expand services in digital channels such as mobile and online banking, FIs are processing faster transactions. But with real-time payments comes faster fraud.
To help reduce the risk of fraud and data loss, analyst firm KuppingerCole recommends that FIs implement cloud-based multi-factor authentication or on-premises Adaptive Authentication. In a new report on the state of the Cloud MFA market, the analyst firm takes a deeper look at this mature segment, which is “constantly evolving, due to innovations in authenticator technology and risk analysis engines.”
A valuable report for organizations evaluating SaaS MFA solutions, the KuppingerCole Cloud MFA Leadership Compass profiles and ranks 12 vendors on features, functionality, and market leadership, including OneSpan, ThreatMetrix, Microsoft, and Gemalto.
Newest Cloud MFA Offerings Support Mobile & Risk Analytics
Cloud MFA is an evolution of legacy identity and access management (IAM) solutions. According to KuppingerCole, “Today’s newest offerings in this area provide multiple authentication mechanisms, including many mobile options; risk engines which evaluate numerous definable factors which can be gathered at runtime and compared against enterprise policies.”
Mobile is a key focus for today’s Cloud MFA solutions. Mobile options such as fingerprint scan, facial recognition, or FIDO deliver ease of use, making the authentication experience as frictionless as possible for users. Other Cloud MFA methods for mobile include:
- One-time password (OTP) delivered through a mobile authenticator app
- Out-of-band application confirmation (e.g., mobile push notifications can be used to authorize transactions OOB)
- Identity context analytics (e.g., based on mobile data such as geolocation, device health assessment, and behavioral biometrics)
Many different mobile-specific data points can be gathered, collected, and analyzed by the Cloud MFA solution’s risk engine to determine the level of risk. This data can include device health, detecting, among others, if the device has been jailbroken or if there has been any suspicious activity. Insight can also be provided for authentication and biometrics, for example, face recognition score or PIN strength. General device information is another example from a wide array of mobile intelligence, and can include the version of the operating system, device model, and more.Adaptive Authentication is the Differentiator
According to KuppingerCole, “the key differentiators have become the use of new technologies to step up the user’s authentication assurance level or to collect and analyze information about the user’s session.”
Step-up authentication, also known as adaptive authentication, continuously analyzes a user’s activities, environment, and behaviors to determine the precise level of security for each unique transaction. Adaptive authentication distinguishes itself from standalone authentication tools by employing specialized authentication methods based on real-time risk analysis. Instead of forcing a user-initiated event, such as entering a PIN or password, a user may have to pass through a series of authentication checks to gain access to particular services for riskier interactions – or no additional checks at all for low-risk transactions (e.g., checking your account balance).
How OneSpan Can Help
As a 2018 KuppingerCole Market Leader, OneSpan solves these challenges with Intelligent Adaptive Authentication (IAA). Intelligent Adaptive Authentication combines risk analytics, mobile security, MFA, biometrics, and many other technologies to create a smart and dynamic authentication process in which a precise level of security is applied to each transaction – no more, no less. This enables financial institutions to drive top line growth, reduce fraud, achieve regulatory compliance, and provide the best user experience possible.