
Mobile transactions: New security and convenience

by Administrator
Issue: Global-ICT 2015
Article no.: 16
Topic: Mobile transactions: New security and convenience
Author: T. Kendall Hunt
Title: Chairman & CEO
PDF size: 186KB

About author

Mr. Hunt is the founder, Chairman of the Board, and Chief Executive Officer of VASCO Data Security (NASDAQ: VDSI), a world leader in providing two-factor authentication and digital signature solutions to financial institutions. More than half of the top 100 global banks rely on VASCO solutions to enhance security, protect mobile applications, and meet regulatory requirements. Under his leadership, VASCO has grown to over 10,000 customers in 100+ countries generating annual revenue in excess of $200 million.
Mr. Hunt has served on several advisory boards at prestigious universities, including the University of Miami Board of Trustees, the President’s Council, the Board of Overseers for Miami’s School of Business, and the MMM Dual Graduate Degree Program for Northwestern University’s Kellogg School of Management.
Mr. Hunt received a BBA from the University of Miami, Florida, and an MBA from Pepperdine University, Malibu, California, where he was honored with the school’s Distinguished Alumnus Award.

Article abstract

For banks, smartphones and mobile devices have emerged as the center of their customers’ digital universe. Already, many financial institutions are investing resources to enhance security while they mobilize their own applications. They’re providing secure platforms that bring in advanced anti-fraud technologies from third-party security experts to deliver applications that can securely authenticate users as part of a frictionless transaction experience.

Full Article

Infosecurity professionals have been faced with the challenge of balancing the demands of user convenience against more effective security measures for decades. In many instances, security professionals have felt that the only way to fully satisfy users’ desires for convenient access to digital resources was to throttle back to some extent on security. As mobility, BYOD and smartphone ubiquity have become the norm across the enterprise, progressive infosec professionals have embraced the trend as a welcome relief to a protracted problem.
The reality is that as mobile technology and app development mature, mobile devices are increasingly providing new opportunities to bring this balancing act into equilibrium. Done right, mobile devices can help risk managers finally achieve the perfect balance between security and convenience.
Mobile-driven advances should play out well in a number of industries—financial, healthcare, entertainment and online gaming along with other sectors. The first step in realizing mobile’s potential lies with IT professionals taking full advantage of the myriad of new possibilities, advances and architectural approaches to authentication and the authorization of users.
Passwords in particular are long overdue for retirement. Regrettably, they have remained the fallback standard for authentication because many of the superior alternatives have been misperceived as being too inconvenient for users to embrace. The redundancy of logging in from a computer with a password has too often trumped the significant risks and inadequate protections the approach affords.
Much has changed – especially over the last two years – and passwords are no longer viewed as being quite so convenient. Entering passwords on mobile devices and smartphones is often awkward, and for most users, password storage and the required updates are at least as awkward. These inconveniences create a perfect opportunity for security visionaries to introduce third-party security solutions with advanced authentication that transparently integrate multi-factor authentication into the process while making the consumer’s experience more convenient, not less. This can be done by using the advanced biometric capabilities of current mobile phones and highly innovative approaches such as an app-to-app authentication model that leverages security credentials that are securely stored on the phone. The consumer is authenticated in the background using multiple techniques that improve security but that are transparent to the user. After the user is authenticated, this high level of assurance can be used across multiple applications.
This new authentication strategy simplifies the consumer’s experience and improves security while supporting new mobile use cases.
For banks, smartphones and mobile devices have emerged as the center of their customers’ digital universe. Already, many financial institutions are investing resources to enhance security while they mobilize their own applications. They’re providing secure platforms that bring in advanced anti-fraud technologies from third-party security experts to deliver applications that can securely authenticate users as part of a frictionless transaction experience.
As they more fully explore the expanding possibilities of digital banking, they’re opening up new use cases and applications, such as changing the face of ATM transactions through secure mobile. With ATM skimming incidents rising, security-minded institutions are exploring ways to make phones a sort of pre-staging environment for authenticating ATM transactions. In the future, a user will be able to walk up to an ATM and – with NFC or Bluetooth technology – the bank will confirm their identity and use the full security capabilities of the mobile phone to authenticate their customer. At that point, the user can take a picture of a QR code presented by the bank with their phone to complete the transaction. With this model, the ATM becomes the mechanism for dispensing cash and its susceptibility to skimming fraud is eliminated.
As Apple Pay and other mobile payment methods mature, retailers are seeking ways to take advantage of this extremely convenient new mode of payment. When paired with mobile-integrated biometrics, Apple Pay and other payment methods offer consumers significant convenience and security advantages compared to their current typical credit cards. The potential exists and the technologies are largely already in place or can be easily added. By integrating the mobile device into the transaction, retailers can add biometric authentication techniques to enhance security. While previous biometric applications in more traditional computing environments seemed ‘removed’ from the consumer in terms of convenience and usability, mobile is the ideal platform. It’s personal, authenticated and offers the opportunity to introduce new, inherently secure authentication with improved convenience.
As the healthcare space increases its efforts to reduce the unauthorized use of controlled substances, regulatory requirements and provider activity around electronic prescriptions of controlled substances (EPCS) have heated up, and new regulations are now being enacted by several states. Traditionally, doctors have written prescriptions on paper pads, producing slips of paper that their patients bring to pharmacies where their identity is verified before the prescription is issued. With EPCS, pharmacies and caregivers authenticate that a patient picking up their medication is actually who they say they are – the front-end opportunity for abuse is eliminated. Smartphones easily support authentication methods that provide mandated verification and, after an appropriate enrollment process, make it easier for patients to get the medicine they need. The process ensures that the patient’s identity has been properly vetted while it supports providers and pharmacies in their mandated migration to digital prescription processes.
Mobilization is an important part of the overall authentication and secure networking process between doctors and pharmacies, and can help to resolve current security issues with the management of controlled substances.
Several US states now permit specific types of online gaming such as poker, several more are exploring legalization, and the Department of Justice has signaled its consent provided that some basic criteria are met. Along with prohibiting sports betting, the States and Fed agree that authenticating the gamer’s age, identity and state of residence will be critical to the growth of this potentially lucrative market in the US.
The above use cases can only be made possible if application and platform developers architect their solutions with security in mind from the start. To do so, they need to address five fundamental security concerns specific to the mobile environment and mobilized consumer.
First, there’s provisioning the user and implementing a one-time device-level assurance to verify that the user is who they say that they are, potentially along with bringing new convenience and consumer-friendly transaction confirmations to the process. Second is establishing a secure communication channel. Third is establishing a secure place to store identity information. Fourth is protecting the mobile platform itself to prevent malware from subverting transaction processes. And fifth is creating a secure provisioning process that affirms that the platform and the user are secure.
Organizations that begin by designing their mobile experience for users with these five fundamentals in mind will increasingly engage consumers, employees and other stakeholders, and invigorate their own market opportunities. They’ll also resolve longstanding problems by bringing convenience and security into better balance.
