Mobile Payments, Transactions & Authentication
Rob Wilson
Sr. Principal Consultant
CA Technologies
Mobile Payments?
Don’t have enough cash for those beer battered shrimp tacos and specialty burger from your favorite food truck?
Want to order that limited edition red vinyl album by one of your favorite bands before they sell out to every kid in Toronto?
Forget to pay your cell phone bill and it’s moments from shutting off?
Mobile payments will save you!
Why the Interest in Mobile Payments?
The Explosive Growth of Mobile Devices
What is a Mobile Payment Anyway?
Mobile Payments & Transactions Use and Growth
Have you Purchased Something with Your Mobile Phone?
Why Do People Use Mobile to Pay?
Why Mobile Matters To Financial Institutions
Authenticating Mobile Payments & Transactions
Walking The Tightrope
Maintain a Balance Between Security and User Convenience
On the one hand you need to reduce risk of identity theft and fraud
On the other hand you need to make the experience simple
Complex processes and changes in behaviour drive up help-desk calls and frustrate users
Do not drive users to more expensive channels, or the competition
Don’t Forget! You need to contain costs of the solution
• Not all transactions are equally risky
• Be proportionate to perceived risk
Adding Risk Based Authentication for Mobile Transactions
Motivations for Risk Based Authentication
1. Cost Effective
− The SmartPhone as Multifactor Authenticator (OTPs, Soft Token, SMS/text/email etc.)
− No additional client hardware
2. Easy to Use
− Users don’t see what’s happening and experience unchanged
3. Flexible
− Adaptable to mobile, kiosks, telephone voice response etc.
4. Works Well on Mobile
− Fingerprinting mobile devices
− Soft token integration on SmartPhones (step up authentication)
− Transaction Signing integration with Smartphone OTP & soft tokens
5. Easy to Deploy
− Server side implementation
− Minimal to no client side integration
Need to Ensure Mobile Transaction Fidelity
• Is this the real person?
• Is this the intended transaction?
• Has the transaction been modified?
• Can the transaction data be securely conveyed?
Kiosk Web Portal
Mobile App
ATM eCommerce Fax Telephone In-Branch Documents VPN
Verifying Who is Making a Mobile Transaction
• Device Identification
• Identity Vetting
• Password
• Q&A
• ArcotID – 2FA
• Dynamic Pass-codes – SMS/email/voice
• Mobile as a token
• Predictive Modeling
Are They Making a Reasonable Purchase?
• Predictive Modeling
• Configurable Rules
• Flexible Alerts – SMS/email/voice/CSR
• Identity Vetting
Ensure the Transaction Integrity
• Virtual Private Session
• Out Of Band Confirmation
• Transaction Signing – with OTP
• Transaction Signing – with PKI
Transaction Signing – OTP based
Transaction Details
1. Launch Application
2. Select Account
3. Enter PIN, Challenge & Amount
4. Get Back OTP
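The four steps above bind the one-time code to the account, challenge and amount, so a changed transaction no longer verifies. The sketch below is an added example, not code from the presentation or from any CA product; it follows the general idea of challenge-response OTPs (RFC 6287 style), and the shared key, field encoding, SHA-256, 8-digit length and all function names are assumptions.

```python
import hashlib
import hmac

DIGITS = 8  # assumption: length of the code shown on the phone


def _message(account, challenge, amount_cents, pin):
    # Length-prefix every field so adjacent values cannot be re-split
    # into a different transaction that yields the same byte string.
    pin_hash = hashlib.sha256(pin.encode()).hexdigest()
    fields = [account, challenge, str(amount_cents), pin_hash]
    return b"".join(len(f).to_bytes(2, "big") + f.encode() for f in fields)


def sign_transaction(key, account, challenge, amount_cents, pin):
    """Phone side (steps 2-4): OTP over account, PIN, challenge and amount."""
    mac = hmac.new(key, _message(account, challenge, amount_cents, pin),
                   hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in HOTP (RFC 4226)
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def verify_transaction(key, account, challenge, amount_cents, pin, otp):
    """Bank side: recompute over the transaction as received, then compare."""
    expected = sign_transaction(key, account, challenge, amount_cents, pin)
    return hmac.compare_digest(expected, otp)


if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    otp = sign_transaction(key, "CHQ-001", "483920", 12500, "2468")
    # Transaction received unchanged by the bank.
    print(verify_transaction(key, "CHQ-001", "483920", 12500, "2468", otp))
    # Amount altered in transit, same OTP presented.
    print(verify_transaction(key, "CHQ-001", "483920", 95000, "2468", otp))
```

The bank must issue a fresh challenge per transaction and reject reuse; otherwise a captured OTP could be replayed for an identical transaction.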
Authentication Using QR Codes
Using QR Codes During Authentication
CloudPass® Instant Online Banking Logon
Customer Reads the CloudPass® QR Code With Their Mobile Application and is Automatically Logged In to Their Bank Site
Reduce Online Fraud
Well Known Example
Challenge: How to Reduce Fraud and Increase Consumer Confidence
High levels of Card Not Present (CNP) fraud
Low consumer trust affecting eCommerce growth
Solution: 3-D Secure (Verified by Visa & MasterCard SecureCode)
3 Party solution (Merchant, Issuer, Card Scheme)
CNP shoppers authenticate directly with the card issuer whilst on the merchant web site.
Customers
Issuing banks, merchants, card schemes & payment service providers.
Cardholder Authentication for Online Purchases
CA Digital Banking & Payments Solution
Online Checkout w/credit card
Person to Person Payments
Online Checkout w/cloud wallet
Mobile Wallet
Software & Cloud Based Mobile Wallet
Lower Cost of Ownership
Multi Channel Security
Better Customer Experience
Identity Authentication
Across Channels
Cross Channel Activity Learning
Transparent / Step-up Authentication
Cross Channel Risk Modeling
Online & Mobile Banking
Automated Teller
IVR / Call Center
Social Media Integration
Single Security Policy
Cloud Deployment Model
Lower Consumer Helpdesk Cost
Thank You