Keeping Your Customers Happy and Safe: Authentication and Authorization Strategies
0 likes125 views
The document discusses the challenges of account management in a digital world, emphasizing the balance between enhancing customer experience and reducing fraud risks. It highlights the increasing threat of account takeovers (ATOs) through various methods such as phishing and credential stuffing, as well as the need for risk-appropriate authentication strategies. The future of authentication is seen in leveraging consumer devices to provide a seamless and secure user experience, particularly through mobile applications.
![© 2019 TransUnion LLC All Rights Reserved | 16
Using mobile authentication for MFA & Transaction Authorization
to deliver secure, consistent omnichannel customer experience
[: demo :]](https://image.slidesharecdn.com/keepingyourcustomershappyandsafe-authenticationandauthorizationstrategies-190425193512/85/Keeping-Your-Customers-Happy-and-Safe-Authentication-and-Authorization-Strategies-16-320.jpg)
Keeping Your Customers Happy and Safe: Authentication and Authorization Strategies
- 1. © 2019 TransUnion LLC All Rights Reserved | 1 Keeping Good Customers Happy and Safe Account Management in a Digital World Scott Olson
- 2. © 2019 TransUnion LLC All Rights Reserved | 2 Account Authentication Strategies Needing to balance between “fraud” and “friction”
- 3. © 2019 TransUnion LLC All Rights Reserved | 3 Fraudsters continue to leverage technology driving ATO losses outpacing other fraud types Source: Javelin 2018 Identity Fraud Study 0 1 2 3 4 5 6 2014 2015 2016 2017 Fraud Losses (billions) Account Takeover New Accounts $500M $1.1B $1.5B $1.4B $2,3B $5.1B
- 4. © 2019 TransUnion LLC All Rights Reserved | 4 Fraudsters leverage various entry points to perpetrate Account Take Over Credential Stuffing Phishing Attacks Consumer Victims of ATO Spend on Average $290 and 16 Hours to Resolve an Incident1 1Javelin 2018 Identity Fraud Study Social Engineering
- 5. © 2019 TransUnion LLC All Rights Reserved | 5 Competing demands exist between providing the best customer experience and reducing fraud risks FRAUD / INFOSEC PRODUCT UX/CX Consumers want a consistent, frictionless online experience. Data breaches exposed millions of customer account credentials. Account access is a conduit to fraud. Customer Experience Reducing Risk
- 6. © 2019 TransUnion LLC All Rights Reserved | 6 Customer notification not authorization Customers currently experience a variety of authentication methods and only limited authorizations Customer authenticates with variety of methods Front door security
- 7. © 2019 TransUnion LLC All Rights Reserved | 7 • Login, Password • Call center, KBA, OTP • Password resets: email links, Captcha • Mobile App: Face ID, Fingerprint • One size fits all • Little flexibility for applying in-session risk appropriate authentication • Customers resist stronger authentication for every login • Credit card notifications • Account access or changes • Inform customers after the fact Customers currently experience a variety of authentication methods and only limited authorizations Customer authenticates with variety of methods Front door security Customer notification not authorization
- 8. © 2019 TransUnion LLC All Rights Reserved | 8 Customers should have a consistent, omnichannel authentication and authorization experience appropriate to risk Consistent customer omnichannel experience Risk-appropriate security Customer authorization of transactions
- 9. © 2019 TransUnion LLC All Rights Reserved | 9 • The future of authentication lies in the devices consumers use • Mobile phone and company apps can transform Secure Customer Interactions Business mobile apps offer path to use mobile device for omnichannel authentication and authorization Consistent customer omnichannel experience
- 10. © 2019 TransUnion LLC All Rights Reserved | 10 • Leverage knowledge of consumer devices at the front door • Augment or replace passwords • Fraud checks and stronger authentication at points of risk Risk-appropriate security Frictionless check of device at login allows for best customer experience and stronger authentication where appropriate
- 11. © 2019 TransUnion LLC All Rights Reserved | 11 • Approval of high risk activities • Addresses friendly fraud • Alerts customers of account activity and allows them to proactively block fraud Customer authorization of transactions High risk transactions can be authorized to avoid call center interactions and reduce friendly fraud
- 12. © 2019 TransUnion LLC All Rights Reserved | 12 Authentication Fraud Prevention Appropriate Authorization Based On Transaction Risk
- 13. © 2019 TransUnion LLC All Rights Reserved | 13 IP ADDRESS GEOLOCATION EVASION JAILBROKEN DEVICE RECOGNITION Enrollment Login Device check Passive device-based authentication can reduce friction and increase trust in the consumer-lender relationship
- 14. © 2019 TransUnion LLC All Rights Reserved | 14 • Single, Omni-channel authentication experience • Authorization of risky transactions • Increased stickiness of mobile app Device factor Fingerprint scan Facial scan Geofencing Circle code Circle code PIN code Wearable factor Increase security and provide customers with app-based multifactor authentication
- 15. © 2019 TransUnion LLC All Rights Reserved | 15 Account Creation/ Loan Origination Login Check Balances Change Account DetailsMake or schedule payment Authorize Purchase Withdrawal,Transfer, Payment KBA/OTP Multifactor KBA/OTP Device Multifactor Device Device Multifactor Device Multifactor For omnichannel access, there is a need to authenticate seamlessly at available penetration points Multifactor Device Online Fraud Detection Online Fraud Detection Online Fraud Detection Originations CBIs • Application abandonment • Third party fraud • Synthetic Identity Detection • Consumer authentication Login CBIs • High friction with forgotten credentials • Credential stuffing • Account takeover Rest of Activities CBIs • Omni-channel Authentication • Manage account • Unauthorized transactions • Transfer to rogue accounts
- 16. © 2019 TransUnion LLC All Rights Reserved | 16 Using mobile authentication for MFA & Transaction Authorization to deliver secure, consistent omnichannel customer experience [: demo :]