A Logical Defense Against Attacks on Mobile Devices

A Logical Defense Against Attacks on Mobile Devices

When it comes to mobile security, pairing biometrics with device authentication is a logical defense against attacks.

As increasing numbers of businesses and consumers alike rely on mobile devices to engage and transact, exchanging sensitive financial and personally-identifiable information (PII) along the way, it has become imperative that new approaches to mobile security be deployed.

There are nearly daily headlines about security breaches at some of the world’s top firms. Long the norm for years, simple username and password protocols for authenticating users are no longer enough for mitigating financial and reputational damage due to fraud.

Many financial institutions, payment service providers (PSPs), retailers and other enterprises looking to leverage the mobile channel to increase customer engagement already realize the inherent weakness of usernames and passwords and are beginning to investigate superior means of authentication. Yet they are also concerned about inconveniencing customers. Businesses of all types are recognizing the benefits of a multi-layered approach to mobile security including the latest biometric and device authentication measures to reduce friction, improve the customer experience and still create a strong defensive posture against attacks.

The Problem with Passwords

Passwords have been considered problematic within the information security community for a decade. According to a study by KeeperSecurity, the most popular password in 2016 was 123456, with the word “password” in the top 10. In addition to guessing, fraudsters can steal passwords through phishing, keylogging and network interception.

The reason for simplistic passwords and password recycling (using the same or slightly varied password across different sites) is consumer frustration with forgetting their passcodes. As mobile and online adoption continues to increase, organizations have begun to embrace fingerprint biometrics as a way to reduce password fatigue, eliminate the headaches involved in dealing with stolen credentials, and to reduce friction along the transaction lifecycle.

Fingerprints: Leading the Biometrics Revolution

Biometrics are typically broken into two distinctive categories, physiological and behavioral. Physiological characteristics include fingerprints, DNA, irises, faces, and even odor. Behavioral characteristics include typing rhythm, gait and voice.

First out of the gate to the mass market has been fingerprints. According to a study by Juniper Research, fingerprints are the most common form of biometric authentication – and consumers like it.  Research by Gigya showed that 80 percent preferred biometrics and perceived them as more secure than usernames and passwords, which they, of course, are. Gigya also found that nearly half of the millennial respondents used one or more forms of biometric authentication. Fingerprint scanning was by far the most used at 38 percent, with voice recognition at 15 percent, facial recognition at 11 percent, and iris scanning at 5 percent.

Fingerprints are popular with consumers because they are convenient.  Other forms of biometric authentication, such as attempting voice recognition by speaking into a phone in a noisy or public environment, for example, are not always convenient or easy, but using a thumbprint is both quiet and inconspicuous.

User authentication via fingerprints solves customer frustration and strengthens security simultaneously, but fingerprint authentication alone is not the silver bullet for mitigating fraud.

Device Authentication: The One-Two Punch

Deploying one layer of biometric authentication may not be enough to secure mobile transactions, however. Biometrics fulfill the “something you are” component of multi-factor authentication (MFA), and while deploying more than one mode of biometric authentication can fulfill MFA requirements, to strengthen authentication further, organizations should also employ “something you have” or “something you know” conditions – but that can re-introduce points of friction into the transaction workflow for consumers.

The biometric login by itself only proves that the enrolled user is attempting a transaction. Unfortunately, this login gives no insight into the relative security of device itself—in other words, the environment in which the biometric is operating. The device housing the biometric data may be infected with unknown threats, such as application hooking, malware and crimeware designed to bypass the biometric or compromise the information after the biometric authentication is performed.

To truly strengthen security, exceed MFA requirements and ensure a smooth user experience, organizations need to deploy device authentication, fulfilling the “something you have” condition of MFA. When the device itself is authenticated, the environment surrounding the transaction is secured. It is only when one can fully trust the device and confirm the user’s identity that the ultimate device security weapon against fraud—a trusted security token—can be created.

Multi-Layered Security – Your Ultimate Defense

The logical conclusion in the search for the strongest form of mobile device security, then, is for organizations to employ a multi-layered approach that combines the right device authentication solution with biometrics that delivers maximum trust not only in the user, but also in the device itself.

With multi-layered digital device security in place, mobile-optimized businesses can perform device recognition and advanced fraud detection in real time to distinguish trusted users from potential fraudsters. This real-time risk assessment allows businesses to make more confident transaction decisions in a way that is most often invisible to the customer, striking a perfect balance between combating fraud, while continuing to provide a frictionless experience for trusted customers using their preferred device.

Featured

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

  • DHS to End ‘Shoes-Off’ Travel Policy

    Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.