A Quick Guide to Authentication
Finding the right authentication strategy can be tricky; legislation and growing demand for fraud prevention apply pressure to large and small businesses alike. While every authentication method has expected benefits and drawbacks, what’s best for one industry won’t always be suitable for another.
This short guide should help you untangle the authentication sector, bringing you a step closer to determining which authentication method is best for your business.
What is Authentication?
In short, authentication is ‘the process or action of verifying the identity of a user.’
Authentication methods fall into three categories: something you know (codes, passwords, answers), something you own (keys, cards, IDs), or something you are (fingerprints, voice, iris). The best methods are often layered, like how a bank card is both chip and PIN.
Some forms of authentication have greater levels of security at the expense of user experience. For example, having to input four different passwords would be safer, but more frustrating, than having to input only one.
Due to the rising demand for online services, the authentication industry has found itself in a perpetual battle against cyber criminals. Enhancing both security and customer experience is no easy task.
Why is Authentication Important?
Authentication serves as the metaphorical gatekeeper between lawful and unlawful access. It is the only barrier protecting your possessions, accounts and identity from theft. Without reliable authentication methods, there would be no legitimate way to transact in person or online.
Despite industry efforts, fraud continues to rise, accounting for 60% of all estimated crimes in 2021. Typically, adoption lags behind technological capabilities, with most SMEs not having any substantive authentication strategy at all.
Fraud simply cannot be ignored:
- It costs small businesses an average of £35,000
- Two-thirds of fraudulent cases need to be covered by the businesses themselves
- An often unconsidered repercussion of this fraud is the considerable reputational damage to the business
Methods of Authentication
Passwords are the classic method of authentication – a series of numbers and letters that, theoretically, only the legitimate user knows.
- Already in popular use
- Quick and cheap to implement
- Not safe to use alone – keylogging, phishing and viruses are all a serious threat to passwords
- Can be forgotten
Two-factor authentication commonly refers to the dual approach of requesting a password and a one-time passcode (OTP). This could be an SMS code sent to the user’s mobile number, a code produced by an authentication app, or a code sent to the user’s email address.
- 2FA is more secure than a lone password
- People are accustomed to SMS OTPs
- Damages the customer experience
- It is still vulnerable to account takeover through SIM-swap fraud and vulnerabilities in email accounts
- Not as secure as other forms of authentication
Biometric authentication relies on scanning the user’s face, voice, or fingerprint and matching it to a previously submitted biometric. It could require submitting an ID document too.
- High level of protection – prevents traditional threats like keylogging
- Can be used in physical locations
- Can be added to MFA
- Deters low-level cybercrime
- Remains vulnerable to sensor spoofing
- Can have a high false acceptance rate
- Often disrupts the user journey heavily
Multi-factor authentication refers to the process of layering more than two authentication methods. This is most commonly the combination of a password, an OTP, and a biometric, widely used by high-risk enterprises such as banks and mortgage brokers.
- Combining multiple sources makes it extremely secure
- Burdens the user heavily with evidence and complicated steps
Can Mobile Network Data Be Used In Authentication?
Although authentication is primarily designed as a security measure, customer experience plays a considerable role, and must not be ignored when choosing what is suitable for you. How likely is your customer to continue their journey or transaction with high levels of friction? How much custom will this cost you every month? Is there a way to increase security without increasing customer friction?
Mobile Network Operator (MNO) data has become a necessary part of businesses’ authentication, onboarding, and fraud prevention strategies due to its high-trust and authoritative nature. The data held by the MNOs can be matched with user-provided information – all that is required is a mobile phone number. Such data include name, age, date of birth, and address.
Furthermore, companies such as Phronesis can enhance the verification of a user’s identity by giving confidence that the SIM card and device being used in real-time belong to the mobile number provided. A device session check can even make the OTP and password redundant.
By adding MNO data to authentication strategies, companies are increasingly able to go password-free, improving both security levels and customer satisfaction.