Mobile technology advances eliminate UX/security struggle
Important developments in fin-tech sometimes take longer to reach market than they should because companies struggle to balance security and user experience.
It doesn’t have to be that way, Entrust Datacard’s global vice president of authentication Ryan Zlockie said.[caption id="attachment_71355" align="alignleft" width="300"] Ryan Zlockie[/caption]
Entrust Datacard helps financial services companies improve their authentication and security measures related to account registration and mobile finance.
“If we can make it around the mobile platform where security fades into the background, that’s a big win for the banks and for our customers,” Mr. Zlockie said.
That security indeed fades into the background through what Mr.Zlockie refers to as adaptive authentication, a process the customer does not even notice.
And a lot is indeed going on in the background during a mobile transaction. It is being checked against normal use patterns. The device itself is being analyzed, as is the user. Even the way the device is being held can be assessed.
“When we provision it, it creates a really strong bind between the user and the device,” Mr. Zlockie said.
And that bind is best kept by personalizing the experience to meet the needs of every single customer. Consider what they want in the experience both in the branch and with the card. Improve the period while they are waiting for a new physical card, and maximize the potential of mobile.
“You’re not just looking at the physical card,” Mr. Zlockie said. “You’re looking at the person and their identity and how can they have a good experience with the card and a lot of other aspects around their mobile banking experience.”
That experience tends to be viewed better if the user is never defrauded and that means strong authentication techniques that are quickly replacing popular methods.
“From protecting data we believe relying on usernames and passwords is completely inadequate,” Mr. Zlockie said.
Look no further than many of the big data breaches that have recently occurred. Weak user credentials were at the heart of most of them.
So while the technology on the back end can greatly improve, if the front door is essentially left open by passwords such as “1234” and “password,” the user remains vulnerable. Better to improve the entire system through a combination of methods.
Analyze a user’s typical transaction patterns and have them acknowledge outliers. Use improvements in smartphone technology to understand the owner like never before. Whereas older iterations could not foster the proper balance between user experience and security, the newest editions capitalize on the information provided by internal sensors to provide more comprehensive security capability.
Best to create the foundation of strong credentials to use the mobile phone in the first place, Mr. Zlockie said. Produce a special smart card applet that cannot be copied or altered without invalidating the unit.
“Most of the time you don’t need to ask the user for anything,” Mr. Zlockie said. “Those other elements are strong enough from a security standpoint to where it’s an exceptional user experience without knowing all that is going on in the background.”
When it comes to adding layers, sometimes Entrust Datacard looks for partners strong in a particular area of need. Should they not find any, they will consider developing it in-house.
“We believe in as many inputs as we can consume and understand they will just make a better security decision,” Mr. Zlockie said.