© ValidSoft 2013
The Future of Secure, Mobile Authentication
November 2013 – Opus Research, Voice Biometrics Conference
Daniel Thornhill, Product Manager
Proprietary and Confidential information 1
Who is ValidSoft?
• Member of Elephant Talk Communications Corp. (NYSE MKT: ETAK), an international provider of business software and services to the telecommunications and financial services industries;
• Protecting all channels through telecommunications;
• Provider of Context-aware Voice Biometrics through In-band and Out-of-band delivery channels;
Mobile Wallets: What does it mean?
Migration to Mobile – Changing the Security Landscape
• 44% of mobile customers avoid mobile banking due to security
• $721bn value of mobile payment transactions in 2017
• 450 million global mobile payments users by 2017
A GROWING MARKET FACING KEY CHALLENGES
Some Mobile Consumer Concerns
• Consumers’ Mobile Banking Security Concerns, 2011
Other please specify - 1%
Combination of above - 3%
Malware on my phone - 3%
Losing my phone or having it stolen - 13%
Someone could see my bank account information on my phone - 15%
Someone intercepting my calls or data - 20%
Hackers gaining access to my phone remotely - 44%
June 2012, n=962. Base: All consumers with mobile phones who listed security as a primary reason for not mobile banking. ©2012 Javelin Strategy & Research.
The Problems We See
• Traditional security models compromised:
  • 2005 - Tokens by MitM attack
  • 2007 - Certificates by MitB attack
  • 2009 - OOB by SIM Swap/CFU
• Traditional security models were designed for other channels (Branch, Card Readers, 2FA @ ATM) rather than the mobile platform; mobile requires a new approach;
• Securing enrolment and App activation;
• Managing rollout and cost, without compromise;
• Not versatile or dynamic;
• Managing False-negatives/False-positives;
• Mobile means mobility, and a security model needs to support this paradigm shift
In-band Mobile Authentication
• Designed specifically for smart-phone;
• Built to leverage the always-on, high-definition data channel;
• Greatly reduces traditional Equal Error Rates
The Advantages of In-band Voice
• No phone call; no cost
• Natural, low-friction authentication = ease-of-use
• High-definition voice; can use 24kHz and above
• LTE will improve results over 3G
• Introduces context: device profiling
Frustration vs. Fraud; The Equal Error Rate
• Traditional voice biometric solutions are binary in their decisions;
• Lower fraud equals higher frustration;
• Thresholds are normally set to the right of the EER; fraud prevention takes precedence over consumer convenience;
• The EER exists because traditional biometric solutions are based on biometrics in isolation;
• The data channel lowers it;
• Grey Zone Logic and Contingency processing removes it
[Figure labels: Frustration, Fraud]
Grey Zone Logic
• An area where the biometric result is non-deterministic;
• Not a pass, not a fail;
• Grey results dynamically trigger contingency processing;
• Contingency processing introduces other factors or other channels;
• Provides intelligence on context not previously available
Dynamic Contingency Processing
• Repeat Phrase: First attempt to move out of the Grey Zone
• Out-of-Band Voice Biometric: Detect and trigger if data signal poor but environment good
• Out-of-Band Digit Challenge: Detect and trigger if background noise excessive and data signal poor
• Out-of-Band Challenge/Response: Detect and trigger if background noise excessive and data signal poor
• In-band Challenge Response: Detect and trigger if background noise excessive but data signal strong
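An added sketch of the grey-zone decision and contingency selection described on the two slides above; it is not ValidSoft's code. The 0..1 score scale, both thresholds, the retry cap and the fallback for a grey result in a quiet, strong-signal setting are assumptions, and the five options are paired with the five trigger conditions in the order the slide lists them.

```python
from dataclasses import dataclass

# Assumed values: the slides give no thresholds, score scale or retry limit.
ACCEPT_AT = 0.80      # score >= this is a pass
REJECT_BELOW = 0.40   # score < this is a fail
MAX_GREY = 3          # grey results allowed before the session fails closed

@dataclass
class Attempt:
    score: float            # biometric match score, assumed 0..1
    noise_excessive: bool   # background noise judged excessive
    data_poor: bool         # data signal judged poor
    grey_so_far: int = 0    # earlier grey results in this session

def decide(a: Attempt):
    """Return (outcome, contingency steps); outcome is 'pass', 'fail' or 'grey'."""
    if a.grey_so_far >= MAX_GREY:
        return "fail", []   # retrying must never turn grey into an accept
    if a.score >= ACCEPT_AT:
        return "pass", []
    if a.score < REJECT_BELOW:
        return "fail", []
    if a.grey_so_far == 0:
        return "grey", ["Repeat Phrase"]
    if a.noise_excessive and a.data_poor:
        return "grey", ["Out-of-Band Digit Challenge",
                        "Out-of-Band Challenge/Response"]
    if a.noise_excessive:
        return "grey", ["In-band Challenge Response"]
    if a.data_poor:
        return "grey", ["Out-of-Band Voice Biometric"]
    # Quiet environment, strong signal, still grey: not covered by the slide.
    # Assumption: move to another channel instead of repeating in-band.
    return "grey", ["Out-of-Band Challenge/Response"]

def run_session(attempts):
    """Run constructed (score, noise_excessive, data_poor) tuples, one per
    step of a session, through decide() and return the decision trace."""
    trace, grey = [], 0
    for score, noise, poor in attempts:
        outcome, steps = decide(Attempt(score, noise, poor, grey))
        trace.append((outcome, steps))
        if outcome != "grey":
            break
        grey += 1
    return trace
```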
Removing the Equal Error Rate
[Figure panels: Traditional Equal Error Rate; Dynamic Contingency Processing]
Multi-channel Applicability
Questions
?