A Logical Defense Against Attacks on Mobile Devices

A Logical Defense Against Attacks on Mobile Devices

When it comes to mobile security, pairing biometrics with device authentication is a logical defense against attacks.

As increasing numbers of businesses and consumers alike rely on mobile devices to engage and transact, exchanging sensitive financial and personally-identifiable information (PII) along the way, it has become imperative that new approaches to mobile security be deployed.

There are nearly daily headlines about security breaches at some of the world’s top firms. Long the norm for years, simple username and password protocols for authenticating users are no longer enough for mitigating financial and reputational damage due to fraud.

Many financial institutions, payment service providers (PSPs), retailers and other enterprises looking to leverage the mobile channel to increase customer engagement already realize the inherent weakness of usernames and passwords and are beginning to investigate superior means of authentication. Yet they are also concerned about inconveniencing customers. Businesses of all types are recognizing the benefits of a multi-layered approach to mobile security including the latest biometric and device authentication measures to reduce friction, improve the customer experience and still create a strong defensive posture against attacks.

The Problem with Passwords

Passwords have been considered problematic within the information security community for a decade. According to a study by KeeperSecurity, the most popular password in 2016 was 123456, with the word “password” in the top 10. In addition to guessing, fraudsters can steal passwords through phishing, keylogging and network interception.

The reason for simplistic passwords and password recycling (using the same or slightly varied password across different sites) is consumer frustration with forgetting their passcodes. As mobile and online adoption continues to increase, organizations have begun to embrace fingerprint biometrics as a way to reduce password fatigue, eliminate the headaches involved in dealing with stolen credentials, and to reduce friction along the transaction lifecycle.

Fingerprints: Leading the Biometrics Revolution

Biometrics are typically broken into two distinctive categories, physiological and behavioral. Physiological characteristics include fingerprints, DNA, irises, faces, and even odor. Behavioral characteristics include typing rhythm, gait and voice.

First out of the gate to the mass market has been fingerprints. According to a study by Juniper Research, fingerprints are the most common form of biometric authentication – and consumers like it.  Research by Gigya showed that 80 percent preferred biometrics and perceived them as more secure than usernames and passwords, which they, of course, are. Gigya also found that nearly half of the millennial respondents used one or more forms of biometric authentication. Fingerprint scanning was by far the most used at 38 percent, with voice recognition at 15 percent, facial recognition at 11 percent, and iris scanning at 5 percent.

Fingerprints are popular with consumers because they are convenient.  Other forms of biometric authentication, such as attempting voice recognition by speaking into a phone in a noisy or public environment, for example, are not always convenient or easy, but using a thumbprint is both quiet and inconspicuous.

User authentication via fingerprints solves customer frustration and strengthens security simultaneously, but fingerprint authentication alone is not the silver bullet for mitigating fraud.

Device Authentication: The One-Two Punch

Deploying one layer of biometric authentication may not be enough to secure mobile transactions, however. Biometrics fulfill the “something you are” component of multi-factor authentication (MFA), and while deploying more than one mode of biometric authentication can fulfill MFA requirements, to strengthen authentication further, organizations should also employ “something you have” or “something you know” conditions – but that can re-introduce points of friction into the transaction workflow for consumers.

The biometric login by itself only proves that the enrolled user is attempting a transaction. Unfortunately, this login gives no insight into the relative security of device itself—in other words, the environment in which the biometric is operating. The device housing the biometric data may be infected with unknown threats, such as application hooking, malware and crimeware designed to bypass the biometric or compromise the information after the biometric authentication is performed.

To truly strengthen security, exceed MFA requirements and ensure a smooth user experience, organizations need to deploy device authentication, fulfilling the “something you have” condition of MFA. When the device itself is authenticated, the environment surrounding the transaction is secured. It is only when one can fully trust the device and confirm the user’s identity that the ultimate device security weapon against fraud—a trusted security token—can be created.

Multi-Layered Security – Your Ultimate Defense

The logical conclusion in the search for the strongest form of mobile device security, then, is for organizations to employ a multi-layered approach that combines the right device authentication solution with biometrics that delivers maximum trust not only in the user, but also in the device itself.

With multi-layered digital device security in place, mobile-optimized businesses can perform device recognition and advanced fraud detection in real time to distinguish trusted users from potential fraudsters. This real-time risk assessment allows businesses to make more confident transaction decisions in a way that is most often invisible to the customer, striking a perfect balance between combating fraud, while continuing to provide a frictionless experience for trusted customers using their preferred device.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.