By Didier Serra, Executive Vice President, Partnerships, SecureKey
Mobile apps provide an opportunity for banks and financial service providers to create a new foundation for security and convenience. To capitalize on the opportunity, institutions need to ensure that they are making the most of the device capabilities by enabling strong, cryptographic, device-based authentication. The goal, however, is to hide the security complexity from the user to both increase compliance and eliminate authentication hassles. When this hurdle is passed, mobile services can become the keystone of cross-channel user authentication.
Mobile security is about much more than payments. Two primary trends driving both identity and financial services are the shift from payment card numbers to “tokenization” and the shift from passwords to device-based identities. Both will have a significant impact on how financial service providers understand and model risk profiles.
John Hawley said, “Identity is the new perimeter.” It implies the need for a tight binding between the transaction and person conducting it. Mobile devices are well suited to serve both the user and the service – the key is having the right identity platform in place.
Shift #1: Payment card numbers to tokenization
Financial institutions are often on the leading edge of innovation to keep increasingly tech-savvy and mobile customers happy, yet they must always ensure the strongest security possible.
The latest shift is towards tokenization. Organizations make tokens available for use on a given consumer device, at any given time, and for any given transaction. The tokens are basically limited-use numerical avatars of the real credentials. They are released by the consumer’s device once proper authentication has occurred using various methods such as a fingerprint biometric swipe or a user PIN entry. Without satisfactory authentication, the token won’t be released.
Both the payments industry and card associations support tokenization. With Apple’s support for near field communication and tokenization of payment credentials, a spotlight is shining on the shift. Tokenization is fundamentally changing the risk profile for the payment credentials exchanged over the network. It will serve a vital role in delivering the security that financial services companies demand along with the convenience and mobility today’s consumers expect. This was a missing piece for mass adoption of mobile and NFC payment.
Shift #2: From secure mobile to cloud
Cloud services and mobility are the dynamic duo of usability for today’s connected consumer. By shifting from static user names and passwords to cloud-verified digital IDs, financial service companies can drastically increase consumer convenience and security. The shift enables customers to use their trusted devices to access online services without having to remember user credentials.
Simplifying the security requirements means that consumers are likely to take appropriate measures rather than circumventing them in an attempt to avoid friction in the user experience. Financial service organizations are able to do more security work in the cloud and on the backend, while easing strain on the consumer.
The key is to make it easy for customers and hard for crooks. Hide the security in the mobile device, and build your web service with a strong identity platform partner. Guessing passwords is easy for crooks, but getting the phone out of the customer’s hand is hard.