EDITOR’S COMMENT
End of passwords,
arrival of intelligent access
Intelligent access mechanisms that monitor user behaviour
will soon replace cumbersome password recalls, explains
Marwan Elnakat at Gemalto.
Marwan Elnakat is Digital Banking Director
CISMEA at Gemalto.
P
assword fatigue is an all-too-
common inconvenience. And
beyond a simple annoyance, recent
technological advancements mean that
traditional passwords are no longer as
secure as they once were. Since the advent
of the Internet and digital banking, there
has been a rapid evolution in the way
banks authenticate their users, as more
seamless and secure strong authentication
methods have been introduced.
In a country like the UAE, with some
of the highest Internet penetration in the
world, users expect their banks to be at
the forefront of technological innovation
to ensure a seamless digital banking
experience. As a result, the country has a
high level of online banking usage, which
is expected to increase over the years.
Gemalto recently conducted an
e-banking study, which polled 900 global
IT and business decision-makers from
14
the banking sector and 11,000 consumers
across 14 markets. The study revealed that
almost three quarters of UAE consumers
use online and mobile banking.
Despite the rise in digital banking in
the region, the study showed that almost
half of UAE consumers think that there are
security gaps in online banking solutions,
and 39% are concerned that using banking
applications and websites puts them and
their personal information at risk.
As password verification has evolved,
one solution to this problem was the
introduction of additional verification
mechanisms which require the user to
present several pieces of evidence to
confirm their identity, known as multi-
factor authentication. There are several
ways this method has been leveraged in
order to increase security for end users.
One-time passwords sent to users either
via SMS or through mobile applications,
provide an additional layer of protection
and verification.
Banks have also looked to dynamic
digital signatures which, for example,
requires users to enter the last four digits
of their bank accounts when making a
transaction. Still, while these methods do
add additional layers of protection, they
also add more steps to the end user which
can result in increased password fatigue.
Behaviour biometric monitoring and
analysis, when combined with other
techniques like geo-localisation and device
profiling, can become a very powerful tool
to prevent fraud. Such technologies are
now able to confirm a customer’s identity
by analysing the unique rhythm of the user
when interacting with a web page or mobile
device. It uses measurable data created by
user behaviour to verify that the intended
individual is using the account. It gathers
this data passively during the actions the
user is already performing, such as swiping,
pressing keys, or entering a PIN code, and
compares it to previous sessions.
By leveraging unique behaviour that
is second-nature to the user, it makes
it virtually impossible to emulate by
fraudsters. Within seven to 10 sessions, the
machine collects enough data and behaviour
to create a user profile and is able to
evaluate consistency. This technology cuts
down on the number of verification checks
and authentication needed for the user,
which are only triggered when necessary.
For example, if someone makes a high-
value transfer from an unusual location,
then additional biometric authentication
will be requested to validate the
transaction, such as fingerprint or facial
recognition. However, if based on the
analysed data, the risk level is considered
as very low, then the user will not have to
go through extra authentication measures.
As this technology is adopted by banks,
they will be able to customise the users’
authentication process based on their
individual profiles to provide an optimal
customer experience for each digital
banking transaction.
In a competitive market like the UAE,
banks need to be constantly innovating
and remain ahead of the technological
curve to maintain customer satisfaction
and security. The strong popularity of
digital banking in the region represents an
opportunity for banks to be on the cutting
edge of digital security.
Issue 12
INTELLIGENT TECH CHANNELS