Passive-active approach to consumer security

BANGALORE, INDIA: With immediate access to information, to help make timely decisions, today’s consumers live more of their lives online than ever. For financial services firms, online channel means increased opportunities to serve consumers who live their lives online.

It also means increased risks, such as phishing, identity theft, online fraud, etc. And therein lies the challenge: combating fraud while maintaining customer satisfaction. Security must be seen to enhance – not inhibit – the online customer experience. Both passive and active approaches are required to address financial services customer needs, building confidence and protecting customer while maintaining a positive online experience.

Passive security happens in the back-end and is not visible to consumers. Active security is visible to consumers and comes in the form of a strong authentication via two-factor authentication credentials. Together, they are the one-two punch that helps to reduce fraud. 

Passive Security: Out of Sight, Out of (Consumers’) Mind

Passive security solutions, also referred to as fraud detection solutions, build consumer confidence through a seamless and undisturbed experience with a financial services provider. Sophisticated fraud detection solutions monitor both online and telephone activity, and the system intervenes when any unusual activity is detected. 

Fraud detection solutions feature behavioral intelligence, which “learn” consumers’ behaviour patterns, such as the time of day when a consumer usually accesses account, the computer from which the account is accessed, amount of transaction, usage patterns, etc. If any kind of anomaly is detected in the consumers’ normal behaviour pattern, the system will intervene and will ask for additional steps, such as a challenge/response question, phone call, a text message to the mobile phone on user profile to confirm a security code, etc., to validate the transaction.

Security can also be enhanced by the sharing of threat intelligence/knowledge of different sources of fraud across a network. Thus, it is important to be part of an intelligence network that continuously learns new sources of fraud attacks for better means of protecting consumers.

Active Security:  Putting security into consumers’ hands

Active security positively impacts the consumer perception of integrity of transactions with a tangible extra layer of security. Most common active security solutions comes in the form of consumer authentication via usage of one-time passwords (OTP). OTP can be generated using credentials with different form factors, such as tokens, credit card size and application on mobile phones or SMS-enabled mobile phones.

Consumers carry this credential with them to use on sites requiring strong authentication. Consumers feel empowered with a second factor of authentication in that they’re taking the extra step toward stronger authentication, thus further protecting their online identities. 

Although OTP technology has been around for over 10 years, it has now finally reached a tipping point in terms of consumer adoption, thanks to new delivery models such as authentication networks. Authentication networks are provided via a software-as-a-service delivery model, which is extremely scalable and quite cost effective for organisations because there is no infrastructure to maintain. 

For consumers, authentication networks can be compared to an ATM network, where an ATM machine will accept cards from all participants within that network. In other words, consumers can use a single credential to strongly authenticate themselves across any web site that is part of a particular credential network.

Leading online businesses around the world have taken an active approach to security, providing customers with an additional visible layer of protection that goes beyond the standard secure log-ins. These businesses include several banking and financial services firms as well as public sector organizations, leading ecommerce firms, and a plethora of other online entities.

What’s more, many of these online businesses have gone a step further to provide both passive and active security. The passive-active approach to consumer security addresses the needs of consumers and unique differentiation opportunities for financial services firms. Together, the dual-action solutions create positive service experiences for consumers that helps set a financial institution apart from others. 

The author is vice president of VeriSign India.