Can Fintech improve authentication and security?

Keeping your digital identity safe is one of the main challenges of the financial services industry. Using APIs is a way to improve security and minimize risk, quickly and cost effectively. And there are other tools, as biometrics, geolocation and social media.

BBVAOpen4U
|
11 Nov. 2016

With the increasingly sophisticated nature of cybercrime, hacking, and financial fraud, this may be the most important set of issues facing the financial services industry today. San Francisco, at the gateway to the Silicon Valley, was a fitting venue for an expert panel at BBVA’s recent Fintech University. The discussion centered on new strategies to verify identity and keep customer accounts safe.

The panel featured Filip Verley, Sr. Advisor of One World Identity; Johnny Ayers, co-founder of Socure; Ron Atzmon, Managing Director of AU10TIX Limited; and Shamir Karkal, BBVA’s own Head of Open APIs.

What challenges are we facing with authentication and security?

The digital age has always presented challenges for authentication. It was so much easier when people’s identities could be verified face-to-face at a bank branch. User names, passwords, and security questions have been among the most common ways institutions try to determine who is at the keyboard. These traditional approaches are quickly becoming outdated, and less secure.

A combination of new tactics and new technology is required to provide protection. At the first layer is a need for more robust authentication. How can banks verify the identity of an accountholder? At the second layer, security measures must protect those accounts from unauthorized access.

What does this mean for fintech companies?

The panelists stressed the importance for both banks and fintech companies to verify user information across multiple channels. The contact center, IVR, branch, mobile app, and website should share a single, comprehensive, view of the customer. For banks with legacy IT systems, this is difficult-- and it can create vulnerabilities. 

Fintech companies are pioneering new approaches to verifying and managing identity. In some cases, the new technology is for sale to banks and other FIs. In other instances, the fintech company simply makes their own product more secure. And in a growing number of cases, authentication is being provided via banking APIs.

In strengthening authentication, one avenue being explored is behavioral biometrics. A good example is the precise tracking of user typing patterns. By looking at factors like typing speed and rhythm, data can be captured for each online or mobile session. This behavioral data pattern becomes one element of a very complex algorithm.

Physiological biometrics use everything from the shape of a person’s face or hands, to retina scans, to voice verification, in order to identify the person. The panel of experts in San Francisco mentioned cool new technology that uses photo selfies to enable a customer to login. 

Another set of elements contributing to a robust identity profile might include the attributes of trusted devices (like a unique identifier from a commonly used smartphone), sign-in habits, and the geographic location or time of day that certain devices are used.

And interestingly, social media is even being used to verify identities. For example, are all of a user’s Facebook friends based in another country? Were all of their jobs on LinkedIn held in another country?

As the Fintech University panelists noted, partnerships between fintech innovators and banks are growing. Banks have the depth of experience, security protocols, and nuanced knowledge that would be daunting for a new company to acquire on their own. Using a bank’s APIs is a way that fintech companies can improve security and minimize risk, quickly and cost effectively.

Additional insight from the panel

Demographics can be an important starting point when considering how to proceed with managing identity. For example, a service that is targeted to millennials might be a good candidate for making use of social media data. 

Key takeaways

  • Build out an authentication strategy that enables you to create a  comprehensive picture of the user
  • Incorporate biometrics, geolocation, IP addresses, social media and other data to reduce your risk.
  • Partner with banks and use APIs so you don’t have to build costly security infrastructure yourself.

The days of the password are numbered. New tech and novel strategies will help us to better safeguard our identities and our accounts. 

This article is one in a series from BBVA about the latest in Fintech and banking.

You can read more here

Sign up!

Sign up to the BBVAOPEN4U newsletter and receive tips, tools and the most innovative events directly in your inbox.