Over the past fifteen years, the balance of power between large financial institutions and their retail customers has changed. The consumer now has a seat at the bargaining table, and is an equal rather than a subordinate in the decision-making process. How has this shift changed things from an authentication perspective?

Once upon a time, before a bank would allow a sensitive transaction, it would ask users to authenticate themselves, largely with the objective of preventing fraud. If the bank was convinced it was John Smith they were talking to, they proceeded. If the user later claimed that it wasn’t them who had done the transaction, the bank would take the position of, “Dear Mr Smith, sorry, but our system would not have allowed this transaction if it did not get your PIN. Either the transaction was authorized by you, or you leaked your PIN to somebody else.” And with this, the bank would simply pass the liability on to the user or insurer, and live happily ever after.

Today’s users, however, will not tolerate this attitude. Our John Smith can cause significant brand damage if the bank cannot prove to him – to his satisfaction – one of two things. Either he was negligent in some way, engaging in behavior even he can recognize is outside of the bank’s responsibility (say, giving his phone and his PIN to his teenage daughter Joan, who then made a purchase), or he did, in fact, perform the transaction, but may not have been paying enough attention to remember it.

Prioritizing proof

Easy, non-repudiated proof of the user’s consent to a transaction has become much more important than before. Not only must this non-repudiation be present, but it must be easy to explain to the user – to dissuade them from going on a social media tirade, or at least for the bank to be able to defend itself against a charging horde of discontented digital banking users. The bank needs to be able to tell a story like: “Dear John, we take security seriously and are therefore highly concerned when you feel that you did not authorize this sensitive transaction. We employ state-of-the-art technology, which makes your handset totally unique in the world, and we have it tested regularly. According to our records, you were presented with the message ‘Do you authorize this sensitive transaction?’ on your phone on the date in question, and you agreed to it by presenting your fingerprint. We would be more than willing to present this data to you for further scrutiny if you so desire. As always, your security is our priority.”

The sad reality is that whereas authentication used to exist to protect the bank against fraudsters, today the bank needs non-repudiated proof of sensitive actions to help protect it against its users. Information overload is making users less cognizant of the consequences of their actions. Reminding customers that information was made available – and, importantly, that they made a choice – is vital in breaking through the resentment barrier (“I would not do such a thing!”). In short, non-repudiation is crucial, and will become even more indispensable in future.


Niel Bester

CHIEF SOFTWARE ENGINEER

An engineer by training, Niel has decades of experience in most facets of software development within the telecommunications and IT industries. He is passionate about product and organizational strategy and is a highly popular sounding board and source of information on trends in the market.

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.