Multi-Factor Authentication

Wibmo Protect — Adaptive Multi-Factor Authentication Solution

The Reserve Bank of India (RBI) has embarked on a transformative journey by proposing a Principle-Based Framework for the authentication of digital transactions. This pioneering initiative underscores the RBI’s commitment to fostering a secure, seamless, and customer-centric digital payments ecosystem. The primary objective of this framework is to propel the adoption of alternative authentication mechanisms, transcending the traditional SMS OTP paradigm. By embracing innovative authentication solutions, the RBI seeks to elevate the customer experience while fortifying the security infrastructure of digital payments. Furthermore, this strategic move is poised to empower businesses to embark on a journey of innovation, enabling them to explore cutting-edge solutions while upholding the highest standards of security and integrity. In essence, the Principle-Based Authentication Framework heralds a new era of digital transactions, characterized by enhanced security, heightened user experience, and unparalleled innovation.

Challenges with OTP Authentication

Traditional SMS OTPs, while prevalent, present significant limitations and risks. They rely heavily on mobile service providers, are susceptible to interception, and contribute to transaction delays and failures, leading to user frustration and financial losses.

Limitations of Traditional SMS-Based OTP Authentication

– Reliance on Mobile Service Providers: SMS OTPs are entirely dependent on mobile service providers, making them susceptible to network coverage issues and unable to support offline mode.
– Inadequate Support for Cross-Border Transactions: Due to network dependencies, SMS OTPs face challenges in facilitating cross-border transactions and international access.
– High Transaction Authentication Failure Rate: In the current scenario, the authentication failure rate for card transactions using SMS OTPs averages between 5% and 8%, primarily due to network dependencies.
– Vulnerability to Cyber Threats: SMS OTPs are prone to interception, phishing, MITM attacks, and SIM swapping, and lack robust protection for authorized access.
– Rising Instances of Fraud: Cybercrimes, including fraud cases involving SMS OTPs, have surged, with approximately 1.1 million fraud cases registered in 2023, amounting to Rs 7,488.6 crore. Additionally, UPI fraud cases reached over 95,000 in the 2022–23 fiscal year.
– User Experience Disruptions: Delays or delivery failures in SMS OTPs disrupt the user experience, leading to frustration and contributing to merchant conversion losses.
– Increased Operational Costs: Constant intervention is required to manage authentication experiences across various channels, leading to additional costs. The average SMS cost per transaction is 12 paise, which escalates based on the chosen channels.

Wibmo Protect: A Revolutionary Solution

Wibmo Protect, a cutting-edge platform, aligns seamlessly with the RBI’s framework. Utilizing a risk-based contextual authentication approach, it leverages machine learning and deep data analytics to detect and prevent fraudulent transactions in real time. Contextual authentication further enhances security, enabling swift and secure payments without OTPs.

Key Benefits of Wibmo Protect

Wibmo Protect offers a multitude of benefits, including:

– Fraud Detection & Prevention
– Dynamic Risk-based Authentication
– Preference-based authentication with multiple modes
– Multi-channel support for various transaction types
– Reduced chargebacks and increased revenue growth
– Merchant opt-out feature
– Enhanced consumer authentication experience

Wibmo Protect combines three powerful modules:

1. Access Control Server (Accosa ACS): A holistic payment authentication platform integrated with an intelligent risk engine.
2. Enterprise Trident FRM: A comprehensive cross-channel, self-learning risk assessment engine.
3. Tridentity: A multifactor out-of-band authentication solution offering secure, passwordless authentication.

Wibmo Protect emerges as a game-changer in digital transaction security. By embracing innovative technologies and adaptive authentication methods, it sets new standards for security, efficiency, and customer satisfaction. With its comprehensive suite of modules, Wibmo Protect stands as a beacon of trust and reliability in the evolving landscape of digital transactions. Through continuous innovation and commitment to security, Wibmo paves the way for a secure and seamless digital future.

Author: Anand K Khanna, Product Manager — Fraud & Risk Management, Wibmo
A PayU/Naspers FinTech Company


Regulator asking your bank to migrate from SMS-based OTPs to more secure authentication options? Use the opportunity to derive multiple benefits

Central Banks are proactively taking steps to reduce the risk of banking/financial fraud

The phrase “two sides of the same coin” applies to the world of digital banking and financial services as well. Internet/mobile-based banking capabilities have undoubtedly enabled convenience and speed for consumers and reduced costs for service providers. Simultaneously, however, there has also been a steady rise in digital frauds and scams around the world. New ways of scamming consumers are constantly emerging because omni-channel, digital-first banking has given perpetrators more options based on how banking transactions are authenticated.

Central banks around the world have regularly been raising the bar for digital security within their jurisdictions, given their responsibility for the orderly conduct of a country’s banking and financial services system and for ensuring the highest levels of consumer safety and protection. Individual banks and fintech players are proactively integrating new technologies and protocols to provide customers with the additional security of multi-factor authentication.

About a month ago, Bank Negara Malaysia (BNM, the Malaysian central bank) announced that banks operating in that country needed to adopt authentication methods for online activities (opening accounts, making payments and other transactions) that go beyond SMS-based OTPs (One Time Passwords). BNM’s new measures also cover changes to default customer account settings, cooling-off periods for new accounts, using just one device for authentication, etc. The rules pertaining to the detection of scams/frauds and the triggering of blocking actions are also being tightened. While many of the steps will kick in after suspicious transactions are detected, what is essential for banks is to strengthen measures that can minimize the occurrence of frauds and scams through superior digital authentication and the detection of risky transactions.

OTPs and two-factor authentication are no longer adequate

Over the past years, OTPs have become ubiquitous and deeply embedded in our lives as the primary means to authenticate all banking (and many other) transactions. But the two-factor authentication provided by OTPs is no longer enough to provide customers with the desired levels of safety and protection. Authentication is based on entering the 4 or 6 digits sent by the service provider to the customer’s mobile number. It does not verify the identity of the person who has entered the OTP. This means anyone with access to the OTP can easily impersonate a customer and complete transactions without the genuine customer being aware until it is too late.

Think about three commonplace scenarios that customers might routinely face: a lost or stolen mobile phone, an unlocked phone on their office desk while they briefly step out, or a phone given for repairs (where unscrupulous staff members have the chance to copy/access personal data). In each of these situations, unauthorized persons can easily access OTPs and other transaction-related messages sent by banks to the phone and essentially “authenticate” transactions that will go through as legitimate transactions initiated/approved by you.

If such impersonation risks are not bad enough, think about phishing frauds and scams where users are induced to click on links that they believe have come from their bank or other service providers via SMS. A world of non-banking digital payment apps and platforms gives fraudsters even more opportunities to scam customers into voluntarily giving out information that is needed to complete unauthorized financial transactions.

In such a high-risk environment, online authentication must necessarily be made a more rigorous and fool-proof process that is inherently harder to circumvent. Rather than relying on an OTP that can be entered by anyone (and not just the genuine customer), banks must adopt authentication protocols that use multiple data points that can be collectively used to establish customer identity and authenticity of transactions.

Multi-factor authentication can make a big difference to the reliability of your authentication and hence customer experience

Banks need to balance secure and reliable authentication with the associated costs and impact on customer experience. Working even when there is mobile network latency (or lack of network coverage) is another requirement. Compliance with the bank’s own security norms and complete adherence to prevailing regulatory requirements also need to be considered. The solution must be such that it can be used seamlessly with mobile banking as well as internet banking.

Multi-factor authentication (MFA) solutions tick all these boxes. A robust MFA solution uses a combination of three distinct sets of data points for authentication:

· Knowledge: what the customer knows (e.g., password, security question);
· Ownership/access: what the user has (e.g., mobile device, USB token); and
· Inherence: something that is inherent to the customer (e.g., fingerprint or other biometrics)

A world-class MFA solution must provide banks (and other organizations) the option to authenticate customers and transactions based on a variety of authentication touchpoints that cater to customer preferences and risk profiles. It must be usable either on a standalone basis or be capable of easily being integrated with a bank’s existing assets. It must support Out of Band (OOB) authentication, which means that the channel used for authentication must be distinct from the one used to sign in or perform a transaction. Ideally, the OOB authentication element must reside in the customer’s registered mobile phone, making it easier to leverage ownership- and inherence-based data points as well for authentication. The MFA solution must be compatible with EMV 3-D Secure and 3-D Secure 1.0 protocols and support CNP transactions as well.

Wibmo’s Tridentity is an MFA solution that is designed to address the above needs and deliver the above capabilities. It supports authentication based on Push notifications, Offline OTP, and Biometrics. It is available as a simple SDK or downloadable as an Android/iOS app. Tridentity is compliant with the EU’s PSD2 initiative.

Please click on https://www.wibmo.co/tridentity/ for more information on Wibmo’s Tridentity solution and how it can help your bank in Malaysia or elsewhere. If you have specific questions and would like to speak to one of our experts, write to us at sales@wibmo.com.

Author: Edward Chien, Director, Sales, South-East Asia, Wibmo
A PayU/Naspers FinTech Company
