Mobile authentication: What happens when security and usability stop being mutually exclusive?

Entersekt Editor | 18 April 2018
In digital banking, and more recently also in the mobile payments sphere, security and usability are commonly viewed as incompatible priorities. By implication, for security to be strong enough, it must also impose inconvenience on the user. At Entersekt, however, we prefer to ask: why do banks have to choose?

A different world

Calling the present a “crucial turning point in the authentication landscape”, IBM Security’s Future of Identity Study found that respondents valued security ahead of convenience, especially when accessing financial accounts. What is more, the emergence of open banking is putting even greater emphasis on security. Having taken effect in January, the EU’s Payment Services Directive (PSD2) is fostering competition in the financial services space by requiring banks to open their APIs to third-party providers.

Similarly, in the US, the Consumer Financial Protection Bureau (CFPB) has endorsed open banking by outlining principles for “consumer-authorized financial data sharing and aggregation.” Open banking means more choices for consumers, but the increased flow of customer data as third-party providers access customer accounts also means more liability for banks. This makes security through customer verification and consent all the more critical.

The authentication measures that have been used in the past won’t make the cut in the world of open banking. Authentication that is weak on either security or user-friendliness will ultimately cost banks customers. For example, as the US National Institute of Standards and Technology (NIST) has asserted, one-time passwords sent via text message (SMS OTPs) will not be acceptable as a method of two-factor authentication, since these messages can be intercepted. On the other hand, traditional passwords will be equally unacceptable, as they offer a poor user experience and insufficient security. The only way to realize the possibilities that open banking brings to the financial services industry is by implementing state-of-the-art authentication that truly secures customer data.

Stepping things up

Offering one-touch multi-factor authentication makes it easy to combine the best of both worlds: strong security and great usability. With an out-of-band, push-based message to the user’s mobile device that prompts them to confirm or decline a transaction, the financial institution can effortlessly confirm the user’s identity and their consent to carry out an action. This technology is not limited to logins and transfers, but can be used for bills or P2P payments, account changes, cross-service onboarding, password recovery and much more.

In an industry characterized by the use of highly sensitive personal data, having the right security technology in place both empowers the customer and allows the financial institution to focus on innovation and broadening its service offering.

About the author

Entersekt Editor

An avid scowler and violent sharpener of pencils, Editor’s bark is worse than her bite. Every scrap of writing that crosses her desk she treats with the same care she would her own privately published comic verse. Any orphans and misfits, she takes under her wing. After hours, she practices amateur type design and represents her local library in extreme kerning competitions.

Entersekt is an international software development company based just outside of Cape Town, South Africa.

We are leaders in authentication, app security, and payments enablement technology, offering a highly scalable solution set with a track record of success across multiple continents.