Biometrics for step-up authentication What is step-up authentication or contextual authentication?

Why Choose Face Biometrics for Step-Up Authentication?

23 September 2022

Imagine this: you log into your mobile banking account to make a large, one-off payment transfer. It could be a transfer to a friend or family member, or a payment to your savings account, or even a deposit for a mortgage. You complete the usual log-in authentication steps that your bank has put in place – a password or PIN. However, you notice that the bank does not do anything further to verify your identity before completing the payment. Concerned, you back out of the process – where’s the additional security?

This concern is warranted: the FTC data shows that consumers reported losing more than $5.8 billion to fraud in 2021, which is up 70% from 2020. In scenarios like the above, step-up authentication is crucial in providing additional security and giving customers peace of mind.

Step-up authentication is needed in scenarios where an organization needs to be doubly-certain that the online individual making the higher risk payment or other transaction is who they claim to be. It still needs to be user-friendly, however. It should not require complex procedures involving tokens or one-time passcodes. This is why iProov’s effortless face authentication technology is ideal for secure and effortless step-up authentication, providing extra protection without impacting user experience.

In this article, we’ll explain step-up authentication in-depth and the advantages of iProov face biometrics in step-up authentication user journeys.

What is step-up authentication?

Step-up authentication is used when an individual is attempting to access certain information or carry out higher risk transactions online. It means the user must complete extra levels of authentication to prove that they are who they claim to be and that they are authorized to carry out the task they are attempting to complete.

Step-up authentication is used when the risk is higher – for example, an individual transferring $20 online might not have to complete step-up authentication but a $2000 payment would trigger the extra check. Another example could be introducing step-up authentication when a person is requesting to change the phone number or address on the account.

By introducing an additional layer of security, organizations can make it more difficult for fraudsters to take over accounts and extract funds or sensitive information. Step-up authentication is also sometimes known as ‘contextual authentication’.

How does step-up authentication work?

Step-up authentication can be triggered on a transaction basis or it could be behavioral-based. An organization decides how and when step-up authentication should be used.

Imagine this retail banking use-case:

  • You log into your bank account online with your PIN. You can now view your account and carry out smaller, lower risk transactions.
  • But if you decide to add a new payee, or transfer a larger amount of money, the bank requires extra assurance that this is not fraudulent and that you are the genuine account holder.
  • You’re then asked to complete additional authentication in order to be sure you’re the genuine owner of the account.

Organizations can choose various authentication methods for step-up authentication, such as a SMS one-time passcode or a security token device, for example. The problem with these methods is that they often lack convenience, inclusivity, or security. What if you don’t have your token device on your person, for instance, or you don’t have cellular signal to receive the SMS OTP? These methods can add more friction to a customer journey, while also failing to deliver the levels of security that are needed.

This is why biometric face authentication from iProov is ideal for step-up authentication scenarios – it adds the additional robust security without inconveniencing or excluding users.

Step-up authentication vs multi factor authentication: what’s the difference?

  • Multi-factor authentication refers to a security process that uses multiple methods of authentication – such as a password in combination with face verification – to verify a user’s identity. Muti-factor authentication is not contextual: when implemented, it will be necessary for users to complete both steps every time they authenticate.
  • Step-up authentication refers to a security process that uses multiple methods of authentication, but only when a certain event or scenario is triggered. For example, someone could log in to an account with their password and then only need to authenticate further when they set up a new payee. Unlike multi-factor authentication, step-up authentication is contextual.

Organizations should implement both mutli-factor authentication and step-up authentication for optimal security. Face biometrics is crucial for delivering both without impacting user experience.

Why is step-up authentication important?

Fraud is on the rise: global losses from payment fraud tripled from $9.84 billion in 2011 to $32.39 in 2020. This has led to stronger authentication rules and more regulations around the world, for example with PSD2 and Strong Customer Authentication in Europe. These measures, which encourage multi-factor authentication and step-up authentication, are all important because they help defend against the growing threat of online fraud.

Let’s say that someone has gained access to your bank account through an account takeover attack. How would step-up authentication help?

  • The bad actor manages to log into your account – they can now see your balance and your transactions. This is a crime and a severe invasion of privacy, but it has not impacted you financially yet.
  • Next, the bad actor tries to redirect communication methods to themselves – this means that they can then control the account going forwards and bypass potential security checks such as SMS OTPs. Luckily, the bank has set up step-up authentication using iProov’s Genuine Presence Assurance® face biometric technology. And because this is a high-risk account activity, the step-up authentication is triggered.
  • The bad actor is thwarted – they had access to your login credentials but they weren’t able to complete the face biometric authentication because they didn’t have access to your face. Even if they had a photo or video of you, iProov technology would detect that you were not physically present and prevent access. Your account and balance is secure and the bank alerts you to the failed authentication, enabling you to change your compromised account credentials and move on without any financial loss.

Step-up authentication is important because it can limit fraud, and when done correctly – with the right technology – it delivers contextual security without complexity. It’s that simple.

Why are biometrics crucial for step-up authentication?

We’ve established what step-up authentication is and why it’s so important. But the truth with any authentication security initiatives is that they’re only as secure as the technology that you use to implement them.

Biometric face authentication from iProov offers step-up authentication that is more secure, usable, and convenient than other methods of delivering it.

First, let’s consider the evolution of authentication. Authentication technology has come a long way since the advent of passwords. The internet is plagued with cybercrime – new account fraud, sythentic identity fraud, and account takeover fraud to name a few.

Because cybercrime has become more complex, authentication technology has become more advanced:

  • Passwords: Passwords are no longer fit for purpose — they’re constantly forgotten, lost, shared, stolen, and introduce huge overheads for businesses resetting them. They’re a weak form of authentication that is easy to break. That’s why they’re often the ‘bare minimum’ of online security. Read more about the disadvantages of passwords here.
  • One-time passcodes (OTPs): OTPs are slightly more secure as they introduce an element of randomness. But they’re still insecure, often cause accessibility issues, and are inconvenient for users. Read more about the risks of OTP authentication here.
  • Other biometric methods: Let’s take fingerprint authentication as an example. Although it offers more security than other authentication methods, it brings significant inclusivity and accessibility issues – not everyone has a device with a fingerprint reader, for a start. Additionally, fingerprints can be copied using silicon rubber, plus they can be hacked on most devices in around 20 minutes. On-device biometrics can be bypassed by the PIN, too, which is a security risk.
  • iProov Genuine Presence Assurance (GPA): iProov’s biometric face authentication only needs a user-facing camera on any device to enable an individual to conveniently and securely authenticate themselves in seconds. All of the previous authentication examples rely on the device for security. Only iProov’s cloud-based face verification is device-agnostic – authentication happens in the cloud which means a lost, stolen, compromised, or hacked device will not impact the authentication process. Additionally, if your device is lost, stolen, or replaced then you can still authenticate on a different device without needing to re-enroll.

Evolution of secure verification from passwords to biometrics

It is imperative that any online security measure offers convenience, otherwise users are likely to drop out of the process. iProov’s Genuine Presence Assurance uniquely combines the highest levels of usability with the highest levels of security, making it the optimal solution for step-up authentication.

Why is liveness needed for biometric step-up authentication?

Liveness detection is part of biometric authentication. It ensures that an online user is a real person, detecting if the face being presented to the camera is a live human being. Without liveness technology, criminals could spoof the authentication process with masks, photographs, and other presentation attacks. With liveness detection, no one can use a copy (ie a picture) of your face to access your account, because that picture would not pass a liveness assessment.

Only iProov Genuine Presence Assurance can also assure that the user is authenticating right now, which is vital in protecting against digitally injected attacks. Using patented Flashmark™ technology, a one time biometric code is created which cannot be replicated.

Biometrics – or ‘something you are’ – has many advantages for step-up authentication. But not all liveness is the same, and there are various solutions that deliver varying levels of assurance. That’s why you must ensure you’re choosing the right biometric vendor.

Why should you choose iProov biometric authentication as part of your step-up authentication strategy?

iProov Genuine Presence Assurance technology delivers:

  • Fast and convenient user experience
  • National-grade security
  • High success rates (typically >98%)
  • Excellent inclusivity and accessibility
  • True usability on any device with a user-facing camera
  • Maximum reassurance for customers that they are safe when using your service

Enabling organizations to:

  • Protect users against account takeover
  • Offer effortless, highly secure authentication
  • Provide reassurance to customers
  • Extend self-service authentication
  • Eliminate the cost of tokens and other hardware

Read the full list of iProov face biometric advantages in this article.

iProov Corporate Overview IPCOROVUS02 22 US v14 01 1

Step-up authentication case study: Knab

iProov supports Dutch challenger bank, Knab, with strong customer authentication and step-up authentication capabilities. When a customer completes a high-risk transaction, they’re prompted to complete a brief face scan from iProov, proving their identity with the highest level of assurance.

Knab’s adoption of iProov also sees the bank move away from its previous token-based solution, dispensing with costly and unpopular hardware and the associated administrative burden. iProov’s cloud-based process is fully automatic, does not use human agents, and is extremely fast, reliable, and secure.

The Dutch regulator has been a European leader in encouraging banks to adopt innovative Know Your Customer (KYC) technology to enhance compliance. Banks have therefore increasingly turned to new digital journeys and emerging technologies to meet regulatory challenges and prevent hefty fines. Following rigorous security and customer testing, iProov was selected by Knab for the high-quality experience it will deliver to the bank’s customer base.

Marcel Kalse, Co-Founder, Knab said: Our customers really are everything to Knab. That’s why we chose iProov – like us, they are clear leaders in delivering the very best customer experience without compromising on the highest standards of security and compliance.”

Step-up authentication using biometrics: a summary

  • Step-up authentication is used in higher risk scenarios to prevent online fraud by asking a user to complete additional levels of authentication.
  • It’s important to use the right technology for step-up authentication. Many authentication methods, such as OTPs, bring security and inclusivity issues.
  • Face biometric authentication from iProov enables step-up authentication that does not impact the user experience. It’s effortless yet secure, meaning that organizations can implement step-up authentication without frustrating or losing users.
  • iProov is already trusted by security-conscious organizations to deliver biometrics for step-up authentication.

If you’d like to learn more, you can visit our step-up authentication page or book an iProov demo here.

Back to Resources

Get a demo