Authentication: On-Premises or Cloud?
Financial service providers have a duty to their customers as services such as banking, stock trading, leasing, factoring, and procurement of capital also need to work seamlessly on PCs and mobile devices while offering a perfect user experience. At the same time, users expect to be fully protected against hacking and other illegal activities – after all, there are few activities as sensitive as managing customers' financial assets.
Furthermore, partly in response to the emergence of new FinTech companies, traditional financial institutions have also had to reposition themselves with regard to their online services. Any provider not offering a well-ordered website and an easy-to-use mobile app that offers access to all features in just a few clicks will soon find itself outpaced by the competition. Customers of Amazon or Netflix now expect the banking and stock trading sites and apps they use to provide the same user-friendliness they experience with those platforms. And with all of these services, few people are willing to accept a lengthy login process. Multi-factor authentication or "MFA" – which can now also be provided in a completely passwordless way – offers a sophisticated, practical solution to these challenges.
On mobile devices, the combination of the greatest possible security and optimum user-friendliness is implemented particularly straightforwardly. This is because most of today's smartphones already come with advanced security features – such as Apple's Face ID facility and fingerprint scanners built into many devices. Thanks to these hardware-based approaches, in which all of the user's biometric data is stored in specially secured chips and never leaves the device, information cannot be hacked by cybercriminals at any time. For the purposes of multi-factor authentication (MFA), today's banking apps utilise these security features, thereby allowing users to log in within seconds – quickly and easily – by simply looking at the display or with their fingerprint.
Biometric authentication also drastically simplifies the login process on PCs while preventing unauthorised individuals from accessing accounts using stolen data. This is because if a user enters their account number and password on the website, a push message is sent to their mobile app as part of the two-factor authentication process. In order to prove their identity, users can then identify themselves on their smartphones by means of a fingerprint or facial recognition.
Built-in security with FIDO2
These levels of security and convenience are made possible by the implementation of the FIDO2 standard. FIDO – short for "Fast Identity Online" – is designed as an open and licence-free industry standard for secure, fast and easy authentication on the Internet. Thanks to the currently ongoing development of FIDO2, users can therefore utilise hardware-based authentication methods such as fingerprint or facial recognition for the first time.
Responsible for this development is the not-for-profit FIDO Alliance, which includes hundreds of companies worldwide, including Intel, Google, Microsoft, Bank of America, Samsung and Qualcomm. As FIDO2 is already supported by default in the latest versions of the iOS, Android, Windows and macOS operating systems, device sensors can be used for authentication with no adaptation needed. Banks and other financial service providers can provide an agile, customer-friendly security infrastructure.
