Identity & Fraud

How Multi-Factor Authentication Helps Customers

How Multi-Factor Authentication Helps Customers

September 09, 2019 | Christine Cornwell

Approximately $12 billion has been stolen by identity thieves over the past six years[i], and consumers are increasingly aware of its risks. Accordingly, your customers are becoming more inclined to answer questions, input codes sent by SMS to a mobile device, or even submit to biometric checks in an effort to guard their security and privacy. Further, 74 percent of consumers surveyed indicate they’d be willing to use an additional authentication method for most transactions if it enhanced their overall security[ii].

But there’s a limit to how much information they’re willing to provide. Research shows that as questions become more personal, customers become more likely to abandon the purchase or application[iii]. So, you need to strike a balance between seeking a frictionless customer experience and screening for criminals. And that means finding the best authentication and identity verification methods for your organization.

The More, The Merrier When It Comes to Authentication Factors

Consumers are mostly familiar and comfortable with knowledge-based authentication (KBA) and SMS verification-based authentication. But both can leave significant gaps when it comes to risk reduction. Static KBA solutions often pose questions whose answers can be found in public records, in social media posts, or among the contents of a stolen purse or wallet. SMS codes can be intercepted with phone number theft or cell tower hijacking.

Relying on simple and familiar authentication methods may be appropriate in some low-risk situations. However, they should form only one part of your overall customer identity verification strategy. For higher-risk and more complex scenarios, it’s time to find a better way. Traditionally, multi-factor authentication (MFA) asks consumers to provide information from two or three of these categories:

  1. Something they know (such as a password)
  2. Something they are (such as their thumbprint)
  3. Something they have (such as a cell phone or physical token)

More Advanced Solutions Increase Accuracy and Ease

But more advanced solutions drawing upon deeper data sources can verify identities with newfound accuracy. More importantly, they can do it without asking intrusive questions or setting up time-consuming checks. What if you could combine personal authentication with device identity verification? Doing so would allow you to check whether or not the device has been used before, where it was used, and which other devices were used to access the same accounts. Controlling for anomalies in this way makes it possible to introduce additional safeguards in cases where a consumer requests a new passcode. A push notification, in the form of a secure link, sent to his/her digital device is much more secure than the first generation one-time passcode.

It’s easy for customers to confirm mobile phone account data. For an identity check, it simply involves entering a few digits on the keypad. It doesn’t feel meddlesome or invasive. And it can greatly increase your confidence that customers are who they say they are.

Optimize and Orchestrate for Better Results

Strong MFA schemes apply a multi-layered approach. They use data analytics to determine which accounts and transactions might require extra scrutiny and which could be simplified without introducing additional risks. A case management system could accomplish this. It could allow your organization to determine the best decision logic and escalation sensitivity for your individual business needs.

For instance, the lowest-risk transactions involving small sums and longtime customers with no history of questionable behavior could be subject to the simplest controls. It would involve no more than a confirmation that the customer’s ZIP code and Social Security number match mobile device data. In contrast, higher-value transactions or those completed in more complex circumstances might be contingent on passing a biometric check. This could involve fingerprint or voice recognition, or identity confirmation through upload of a “selfie” that matches the customer’s drivers’ license photo.

Orchestration is the process of defining and then executing decision logic automatically across platforms. Therefore, it can reduce the number of times that you’ll need to question customers manually. As a result, this saves time and reduces frustration. You’ll see more accurate decisioning and save on labor costs as well. By applying data modeling and machine learning to large customer data sets, you can work to continuously improve the processes. For example, you can add authentication factors when their inclusion boosts accuracy. Then, you can remove them when they detract from the customer experience. Download our eBook, Discover Your Maximum Viable Person. You'll learn more about combining deep data with advanced analytics for better identity verification and authentication procedures.

 

[i] https://www.javelinstrategy.com/coverage-area/2016-identity-fraud-fraud-hits-inflection-point

[ii] https://www.ibm.com/downloads/cas/QRBY08NO

[iii] https://www.equifax.com/international/uk/documents/self_defence.pdf