Turning the mobile device into a global authenticator across all your channels makes a lot of sense in terms of both user experience and security. With a single, unified authentication device, users feel more comfortable moving between channels and you gain much better visibility and control over security.
The Web Channel
Your web applications can leverage the mobile device for primary authentication, secondary authentication, and transaction verification. Imagine the following: a user accesses your web application from a laptop, desktop, or tablet and an authentication request immediately shows up on the user’s mobile device. Using fingerprint authentication or just a simple swipe on the mobile device, the user is logged in to the web application immediately, without entering a password or any other authentication details. Similarly, when the user runs a transaction or performs any operation that requires secondary authentication, a message shows up on the user’s mobile device with an authentication request. Using fingerprint, face, or voice, the user can approve the request and move on.
The Call Center
In the Call Center, the mobile device could replace current authentication techniques, which are usually based on knowledge-based questions. This significantly improves the customer experience and reduces call center fraud. Imagine the following: the user authenticates to the mobile app and clicks to contact support. At this point the representative on the line already knows who the user is and no additional authentication is required. Alternatively, the user calls customer support directly and, as part of the IVR process, a notification is sent to the user’s mobile device to authenticate the user prior to reaching a representative.
Branch, ATM, and other Channels
Using the mobile device across channels is not limited to the web and the call center. You can also authenticate banking users at the ATM, at the branch, or with any other application and channel you may have. The key is that users always authenticate the same way and with the same device. This unified experience increases security, improves customer satisfaction, and increases business as it becomes easier for customers to switch between channels.
Trusting the Mobile Device
Being able to trust the mobile device is a key factor in this entire strategy. To trust the mobile device, there are four things you need to do.
First, have a reliable cryptographic device binding technology. This allows you to accurately associate the device with the user. If you don’t have this already, you can inherit it from the platform.
Second, you need the ability to build trust over time based on everything you already know about the user. Users tend to switch devices rather frequently, and you can’t just go and trust a newly registered device the same way you trusted the previous device without a reliable way of handing off the trust to the new device. This handoff process is based on behavioral techniques and is part of the Transmit platform.
Third, you need to look at device-specific risk indicators such as a jailbroken device, evidence of malware, or suspicious changes in configuration. Whether you already have these capabilities in place or are looking to add them, Transmit can orchestrate them into a single process that determines the trust level of the device.
Lastly, you need biometric authentication. Fingerprint, face, and voice are good examples of biometrics you can add to the mobile device. If you already have them, then just plug them into the platform. Otherwise, use the biometric authenticators that come with the platform.
Once you have a trusted mobile device, you need a simple way for any channel application to use the authentication services on the mobile device. Transmit provides simple REST APIs that connect any channel application with the mobile device.
Programming your Desired Experience
Once your channel applications are connected to the platform, you can go ahead and build the desired customer experience from a central interface. Using this interface, you can decide which channel applications will leverage the mobile device, when, and how, and which users will receive these services and under what conditions. This process, which we refer to as ‘programmable authentication’, provides you with full flexibility. You can reprogram the system at any given time without touching the applications themselves.