Other parts of this series:
In my previous post, I set the context for the authentication hub as the solution for managing robust and multi-factor authentication in the new digital world. In this post, I’ll share what a multi-factor authentication hub looks like as well as some of the key factors to consider when implementing this model in your firm’s security environment.
Authentication in the New: the authentication hub
Accenture’s vision of an authentication hub is a set of centralized services that:
- Facilitate multi-factor authentication, with the ability to choose different authenticators
- Support multi-modal biometrics across multiple channels for both customers and internal users
- Use data from transactions, risk and fraud systems, and the network layer to make informed decisions about what the user can do
The hub integrates and coordinates the following five authentication elements and capabilities, as indicated in Figure 1:
- Signing in the New
The authentication hub provides banks with digital alternatives that are legally equivalent to a “wet” signature, but less costly and faster. These alternatives make it possible for customers to utilize existing authenticators to confirm documents and for firms to integrate the signing process directly into wider business flows and customer journeys.
- mKYC: The New customer onboarding journey
Customers now expect to sign up for new financial services through the devices in their pockets. Disruptor banks are setting the bar here by applying a digitized onboarding journey that covers resolution, validation and verification.
- Biometric authenticator framework
The authentication hub provides the framework to support multi-modal biometrics. Biometric modalities can be described as either physiological, behavioral or mixed. They have varying characteristics suited to different populations, environments and risk tolerances. Assessing these factors is key to designing a system that balances user experience against security.
- Pick-and-choose authenticators
It is now easier than ever before to seamlessly integrate biometric sensors into mobile applications. Many biometric sensors come ready-packaged in consumer devices. Wearable devices are entering the market and bringing with them a wealth of new authentication capabilities. These new capabilities present new possibilities for increasing customer choice, reducing authentication friction and capturing greater value from legacy systems.
- Risk engine—fraud detection and prevention
An omnichannel, real-time fraud detection and prevention capability adds context and actionable intelligence to a firm’s authentication decisions. In addition to an omni-channel approach, it’s also critical that an effective risk engine take feeds from multiple sources to better understand the risk factors from three key areas:
- Contextual device factors, including location information and travel times
- User behavioral factors
- Financial transactional factors
Putting it all together
Digitally-forward organizations tend to take the following three steps to bring together biometrics, behavioral profiling, push notifications, analytics and other digital building blocks within their authentication management process:
- Connect applications to an authentication hub to create a single interface for authentication and provisioning tasks. Doing so eliminates the need to embed authenticators into individual applications—which can result in high complexity and high maintenance costs.
- Select application agnostic authenticators, including face recognition, eye recognition, voice recognition, fingerprint, one-time password (OTP), notifications, pattern drawing and more. Once an application is connected to the solution, organizations can select the authenticators they want to use and switch between authenticators without touching the application—simplifying the development process.
- Add context and learn behaviors to reach better authentication and provisioning decisions; for example, based on device type or location. The solution should automatically profile devices, locations, access times, activities, transaction sizes and other factors. Profiles are built over time to provide a non-linear return on investment.
In implementing an authentication hub, it’s important to consider the end, not just the means. Firms should closely examine business needs, then define how the use of a multi-factor authentication hub could help achieve specific objectives.
For a comprehensive view of all aspects of the authentication hub and “authentication in the New”, please see Accenture’s Biometric Authentication in the New Digital World.
- “Payment services (PSD 1) – Directive 2007/64/EC,” European Commission. Access at: https://ec.europa.eu/info/law/payment-services-psd-1-directive-2007-64-ec_en
- “Draft Regulatory Technical Standards on Strong Customer Authentication and common and secure communication under Article 98 of Directive 2015/2366 (PSD2),” European Banking Authority, Final Report, February 23, 2017. Access at: https://www.eba.europa.eu/documents/10180/1761863/Final+draft+RTS+on+SCA+and+CSC+under+PSD2+(EBA-RTS-2017-02).pdf
- “Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/EU and 2009/110/EC and repealing Directive 2007/64/EC /* COM/2013/0547 final – 2013/0264 (COD) */,” European Union, EUR-Lex. Access at: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52013PC0547