reduce friction and risk with device authentication
TRANSCRIPT
REDUCE FRICTION AND RISK
WITH DEVICE AUTHENTICATION
Getting Beyond the Password for Consumer Authentication
Authentication
Landscape
Device-Based
AuthenticationHow it Works
1 2 3
Authentication
Landscape
“A real-time process that corroborates a claimed digital
identity to yield a specified or understood level of
confidence and trust.”
What is Authentication?
ESTABLISHING CONFIDENCE AND TRUST
Known Possessed Inherent
E L E M E N T S O F M U LT I - F A C T O R A U T H E N T I C AT I O N
ESTABLISHING CONFIDENCE AND TRUST
Something known to only the user
• Password
• Passphrase
• PIN
• Pattern or a picture
E L E M E N T S O F M U LT I - F A C T O R A U T H E N T I C AT I O N
Known
Something possessed only by the user
• Token–such as an OTP token pushed via
text message to a smart phone
• Smart card with X.509 public-key
infrastructure credentials
• Devices you have
Possessed
ESTABLISHING CONFIDENCE AND TRUST
E L E M E N T S O F M U LT I - F A C T O R A U T H E N T I C AT I O N
Something inherent only to the user
• Biometric trait, such as face topography,
fingerprint or
typing rhythm.
Inherent
ESTABLISHING CONFIDENCE AND TRUST
E L E M E N T S O F M U LT I - F A C T O R A U T H E N T I C AT I O N
• Authentication = passwords
• User Experience critical
• Many online accounts
• Specialized hardware won’t work
EnterpriseConsumer
• Strong multi-factor authentication
• Security outweighs user experience
• Unified enterprise account
• Standardization
CONSUMER VS. ENTERPRISE
• Poor user experience
• Conversion, retention
Excessive
Challenges
Cost of Multi-Factor
Authentication
• KBA and OTP
• Tokens
High ATO &
ID Theft at Login
• Consumer credentials are
prime target
ESTABLISHING CONFIDENCE AND TRUST
FACTS ABOUT STEP-UP CHALLENGES?
Knowledge-based authentication (KBA):
‒ Failure rate of 10-15%, up to 30%
‒ Leads to mistrust and alienates users
‒ Drives up customer service costs: Average
cost of $12-$15/call
Source: Gartner, When Knowledge-Based Authentication Fails, and What You Can Do About It, Avivah Litan, Sept 2012
Problems with One-Time Passwords
— 29% surveyed say up to 20% of OTPs
fail to be delivered
— About half due to invalid mobile number
FACTS ABOUT STEP-UP CHALLENGES?
Source: Ponemon Institute and Tyntec, 2014, IT Security Pros Abandoning Traditional Security Measures in Favor of SMS-Based Two-Factor Authentication
What is Device-Based
Authentication?
What is Device-Based Authentication?
LOW FRICTIONHIGH FRICTION
What does it do?
Pairs authorized devices
with user accounts.
What does it do?
Adds check for an authorized
device on every login attempt.
What does it do?
Gives businesses a way to
improve account security while
simultaneously enhancing their
customer experience.
EFFECTIVE DEVICE AUTHENTICATION
R O B U S T D E V I C E R E C O G N I T I O N
• Utilizes deep analytics of device
attributes over time
• Measures and tracks change
independent of cookies and
IP addresses
EFFECTIVE DEVICE AUTHENTICATION
• Works on all devices
(desktop, laptop, tablet, mobile)
• Supports browsers and apps
C O N S I S T E N T O N L I N E E X P E R I E N C E
How it Works
OBJECTIVES OF DEVICE-BASED AUTHENTICATION
Avoid unnecessary
challenge questions
Enhance customer
confidenceStop account takeovers
2 31
Match Accept
Login
No
Match
Step up
Authentication
Pairing
Check
Device
Pairing
SUCCESS
LoginUser
AccessUser Access Login
END USER
IOVATION
BUSINESS
HOW AUTHENTICATION WORKS
ADD THE POWER OF IOVATION’S RISK PLATFORM
• Authentication and risk checks coupled
in a single API
• Benefit from fraud intelligence submitted
by thousands of fraud analysts
• Consistent tracking of device activity throughout
your organization
• Adds strong device recognition, link analysis and
velocity checks
C o m b i n e i o v a t i o n ’ s d e v i c e - b a s e d a u t h e n t i c a t i o n a n d r i s k s e r v i c e
f o r c o m p r e h e n s i v e p r e v e n t i o n o f a c c o u n t t a k e o v e r :
Risk
Check
Match with
measure of
changePairing
Check
LoginUser
AccessUser Access Login
Allow or
Reject
Access
Step Up
Authentication
SUCCESS
Device
PairingEND USER
IOVATION
BUSINESS
Rules
Engine
AUTHENTICATION WITH RISK CHECK
2FA FAILURE
2FA FAILUREUser did not receive
one-time password
2FA FAILURE
Is login an ATO attack at a different location, or a legitimate login by same device?
User did not receive one-time password
iovation
check
iovation
check
Low-Friction, Straight-Through Login Result!
TAKE–AWAYS
81%
D E V I C E - B A S E D A U T H E N T I C AT I O N I S A F R I C T I O N L E S S S E C O N D
FA C T O R O F A U T H E N T I C AT I O N AT L O G I N
• It improves account security while
simultaneously enhancing your
customers’ experience.
• Pair device-based authentication and
iovation’s risk service for
the strongest impact.
