A Logical Defense Against Attacks on Mobile Devices

A Logical Defense Against Attacks on Mobile Devices

When it comes to mobile security, pairing biometrics with device authentication is a logical defense against attacks.

As increasing numbers of businesses and consumers alike rely on mobile devices to engage and transact, exchanging sensitive financial and personally-identifiable information (PII) along the way, it has become imperative that new approaches to mobile security be deployed.

There are nearly daily headlines about security breaches at some of the world’s top firms. Long the norm for years, simple username and password protocols for authenticating users are no longer enough for mitigating financial and reputational damage due to fraud.

Many financial institutions, payment service providers (PSPs), retailers and other enterprises looking to leverage the mobile channel to increase customer engagement already realize the inherent weakness of usernames and passwords and are beginning to investigate superior means of authentication. Yet they are also concerned about inconveniencing customers. Businesses of all types are recognizing the benefits of a multi-layered approach to mobile security including the latest biometric and device authentication measures to reduce friction, improve the customer experience and still create a strong defensive posture against attacks.

The Problem with Passwords

Passwords have been considered problematic within the information security community for a decade. According to a study by KeeperSecurity, the most popular password in 2016 was 123456, with the word “password” in the top 10. In addition to guessing, fraudsters can steal passwords through phishing, keylogging and network interception.

The reason for simplistic passwords and password recycling (using the same or slightly varied password across different sites) is consumer frustration with forgetting their passcodes. As mobile and online adoption continues to increase, organizations have begun to embrace fingerprint biometrics as a way to reduce password fatigue, eliminate the headaches involved in dealing with stolen credentials, and to reduce friction along the transaction lifecycle.

Fingerprints: Leading the Biometrics Revolution

Biometrics are typically broken into two distinctive categories, physiological and behavioral. Physiological characteristics include fingerprints, DNA, irises, faces, and even odor. Behavioral characteristics include typing rhythm, gait and voice.

First out of the gate to the mass market has been fingerprints. According to a study by Juniper Research, fingerprints are the most common form of biometric authentication – and consumers like it.  Research by Gigya showed that 80 percent preferred biometrics and perceived them as more secure than usernames and passwords, which they, of course, are. Gigya also found that nearly half of the millennial respondents used one or more forms of biometric authentication. Fingerprint scanning was by far the most used at 38 percent, with voice recognition at 15 percent, facial recognition at 11 percent, and iris scanning at 5 percent.

Fingerprints are popular with consumers because they are convenient.  Other forms of biometric authentication, such as attempting voice recognition by speaking into a phone in a noisy or public environment, for example, are not always convenient or easy, but using a thumbprint is both quiet and inconspicuous.

User authentication via fingerprints solves customer frustration and strengthens security simultaneously, but fingerprint authentication alone is not the silver bullet for mitigating fraud.

Device Authentication: The One-Two Punch

Deploying one layer of biometric authentication may not be enough to secure mobile transactions, however. Biometrics fulfill the “something you are” component of multi-factor authentication (MFA), and while deploying more than one mode of biometric authentication can fulfill MFA requirements, to strengthen authentication further, organizations should also employ “something you have” or “something you know” conditions – but that can re-introduce points of friction into the transaction workflow for consumers.

The biometric login by itself only proves that the enrolled user is attempting a transaction. Unfortunately, this login gives no insight into the relative security of device itself—in other words, the environment in which the biometric is operating. The device housing the biometric data may be infected with unknown threats, such as application hooking, malware and crimeware designed to bypass the biometric or compromise the information after the biometric authentication is performed.

To truly strengthen security, exceed MFA requirements and ensure a smooth user experience, organizations need to deploy device authentication, fulfilling the “something you have” condition of MFA. When the device itself is authenticated, the environment surrounding the transaction is secured. It is only when one can fully trust the device and confirm the user’s identity that the ultimate device security weapon against fraud—a trusted security token—can be created.

Multi-Layered Security – Your Ultimate Defense

The logical conclusion in the search for the strongest form of mobile device security, then, is for organizations to employ a multi-layered approach that combines the right device authentication solution with biometrics that delivers maximum trust not only in the user, but also in the device itself.

With multi-layered digital device security in place, mobile-optimized businesses can perform device recognition and advanced fraud detection in real time to distinguish trusted users from potential fraudsters. This real-time risk assessment allows businesses to make more confident transaction decisions in a way that is most often invisible to the customer, striking a perfect balance between combating fraud, while continuing to provide a frictionless experience for trusted customers using their preferred device.

Featured

  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
  • Nothing Artificial About this Intelligence

    I have been looking forward to this year’s GSX show in New Orleans, the Cresent City, or if you prefer The Big Easy. It seems like quite a while since we’ve been here. Twenty years ago, ASIS, as it was known then was literally washed out of the city by someone known as Katrina. It is a good thing to come back to NOLA. Read Now

  • From Monitors to Mission Control

    Security Operations Centers (SOC) were once defined by rows of static monitors, each displaying a single feed with operators quietly watching for issues. That model has become obsolete. Incidents evolve too quickly, data comes from multiple locations, and decisions must be made in seconds—not minutes. Read Now

  • New Gas Monkey Garage Venue Uses AI-Enhanced Video Technology

    Gas Monkey Garage, the automotive custom shop and entertainment brand founded by Richard Rawlings of Fast N’ Loud TV fame, has opened a vibrant new restaurant and bar in South Dakota, equipped with advanced, AI-enhanced video tech from IDIS Americas. Read Now

  • Data Driven, Proactive Response

    As cities face rising demands for smarter policing and faster emergency response, Real Time Crime Centers (RTCCs) are emerging as essential hubs for data-driven public safety. In this interview, two experts with deep field experience — Ross Bourgeois of New Orleans and Dean Cunningham of Axis Communications — draw on decades of operational, leadership and technology expertise to share how RTCCs are transforming public safety through innovation, interagency collaboration and a relentless focus on community impact. Read Now

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.