September 23 2022
Imagine this: you log into your mobile banking account to make a large, one-off payment transfer. It could be a transfer to a friend or family member, or a payment to your savings account, or even a deposit for a mortgage. You complete the usual log-in authentication steps that your bank has put in place – a password or PIN. However, you notice that the bank does not do anything further to verify your identity before completing the payment. Concerned, you back out of the process – where’s the additional security?
This concern is warranted: the FTC data shows that consumers reported losing more than $5.8 billion to fraud in 2021, which is up 70% from 2020. In scenarios like the above, step-up authentication is crucial in providing additional security and giving customers peace of mind.
Step-up authentication is needed in scenarios where an organization needs to be doubly-certain that the online individual making the higher risk payment or other transaction is who they claim to be. It still needs to be user-friendly, however. It should not require complex procedures involving tokens or one-time passcodes. This is why iProov’s effortless face authentication technology is ideal for secure and effortless step-up authentication, providing extra protection without impacting user experience.
In this article, we’ll explain step-up authentication in-depth and the advantages of iProov face biometrics in step-up authentication user journeys.
Step-up authentication is used when an individual is attempting to access certain information or carry out higher risk transactions online. It means the user must complete extra levels of authentication to prove that they are who they claim to be and that they are authorized to carry out the task they are attempting to complete.
Step-up authentication is used when the risk is higher – for example, an individual transferring $20 online might not have to complete step-up authentication but a $2000 payment would trigger the extra check. Another example could be introducing step-up authentication when a person is requesting to change the phone number or address on the account.
By introducing an additional layer of security, organizations can make it more difficult for fraudsters to take over accounts and extract funds or sensitive information. Step-up authentication is also sometimes known as ‘contextual authentication’.
Step-up authentication can be triggered on a transaction basis or it could be behavioral-based. An organization decides how and when step-up authentication should be used.
Imagine this retail banking use-case:
Organizations can choose various authentication methods for step-up authentication, such as a SMS one-time passcode or a security token device, for example. The problem with these methods is that they often lack convenience, inclusivity, or security. What if you don’t have your token device on your person, for instance, or you don’t have cellular signal to receive the SMS OTP? These methods can add more friction to a customer journey, while also failing to deliver the levels of security that are needed.
This is why biometric face authentication from iProov is ideal for step-up authentication scenarios – it adds the additional robust security without inconveniencing or excluding users.
Organizations should implement both mutli-factor authentication and step-up authentication for optimal security. Face biometrics is crucial for delivering both without impacting user experience.
Fraud is on the rise: global losses from payment fraud tripled from $9.84 billion in 2011 to $32.39 in 2020. This has led to stronger authentication rules and more regulations around the world, for example with PSD2 and Strong Customer Authentication in Europe. These measures, which encourage multi-factor authentication and step-up authentication, are all important because they help defend against the growing threat of online fraud.
Let’s say that someone has gained access to your bank account through an account takeover attack. How would step-up authentication help?
Step-up authentication is important because it can limit fraud, and when done correctly – with the right technology – it delivers contextual security without complexity. It’s that simple.
We’ve established what step-up authentication is and why it’s so important. But the truth with any authentication security initiatives is that they’re only as secure as the technology that you use to implement them.
Biometric face authentication from iProov offers step-up authentication that is more secure, usable, and convenient than other methods of delivering it.
First, let’s consider the evolution of authentication. Authentication technology has come a long way since the advent of passwords. The internet is plagued with cybercrime – new account fraud, sythentic identity fraud, and account takeover fraud to name a few.
Because cybercrime has become more complex, authentication technology has become more advanced:
It is imperative that any online security measure offers convenience, otherwise users are likely to drop out of the process. iProov’s Genuine Presence Assurance uniquely combines the highest levels of usability with the highest levels of security, making it the optimal solution for step-up authentication.
Liveness detection is part of biometric authentication. It ensures that an online user is a real person, detecting if the face being presented to the camera is a live human being. Without liveness technology, criminals could spoof the authentication process with masks, photographs, and other presentation attacks. With liveness detection, no one can use a copy (ie a picture) of your face to access your account, because that picture would not pass a liveness assessment.
Only iProov Genuine Presence Assurance can also assure that the user is authenticating right now, which is vital in protecting against digitally injected attacks. Using patented Flashmark™ technology, a one time biometric code is created which cannot be replicated.
Biometrics – or ‘something you are’ – has many advantages for step-up authentication. But not all liveness is the same, and there are various solutions that deliver varying levels of assurance. That’s why you must ensure you’re choosing the right biometric vendor.
iProov Genuine Presence Assurance technology delivers:
Enabling organizations to:
iProov supports Dutch challenger bank, Knab, with strong customer authentication and step-up authentication capabilities. When a customer completes a high-risk transaction, they’re prompted to complete a brief face scan from iProov, proving their identity with the highest level of assurance.
Knab’s adoption of iProov also sees the bank move away from its previous token-based solution, dispensing with costly and unpopular hardware and the associated administrative burden. iProov’s cloud-based process is fully automatic, does not use human agents, and is extremely fast, reliable, and secure.
The Dutch regulator has been a European leader in encouraging banks to adopt innovative Know Your Customer (KYC) technology to enhance compliance. Banks have therefore increasingly turned to new digital journeys and emerging technologies to meet regulatory challenges and prevent hefty fines. Following rigorous security and customer testing, iProov was selected by Knab for the high-quality experience it will deliver to the bank’s customer base.
Marcel Kalse, Co-Founder, Knab said: “Our customers really are everything to Knab. That’s why we chose iProov – like us, they are clear leaders in delivering the very best customer experience without compromising on the highest standards of security and compliance.”
Want to brush up on your biometric knowledge? Visit our Biometric Encyclopedia!