Unpacking Fourth Factor, Continuous Authentication

One of the casualties of Facebook’s data debacle is the social network’s plans for smart speakers to compete with Amazon’s Echo. Indeed, concerns about constant surveillance is bound to have a ripple effect that challenges every company and brand’s ability to offer simple, trusted, Voice-First services through a variety of devices.

Earlier this year, in our #IAuth prediction for 2018, we coined the term “Fourth Factor” as a collective description for a combination of emerging authentication technologies, applied on a continuous basis to provide friction free methods and strategies that didn’t fit neatly into the first, second and third factor categories.

Fourth Factor Authentication is made possible by continuous monitoring of devices, networks and user behaviors. While this bolsters the seamlessness and personalisation of overall digital UX, it is also seen as a form of surveillance, which invades privacy and breaches numerous data-protection regulations. How brands, banks, retailers and digital marketers in general promote a balance between privacy, convenience and security will be the subject of panels and “Deep Dive” discussions at the upcoming Conversational Commerce Conference (C3), London, May 8-9.

The pace of innovation in authentication appears to be relentless, with some fascinating announcements already being made in the first quarter of this year. Some of these include:

Cyber-SecurityTech Startups raise $200m in VC Funding
According to eweek.com, at least 10 cyber-security tech startups raised almost $200 million in VC funding in March alone. One of these was Biocatch, launched in 2011, based New York City and Tel Aviv; who announced on 12 March that they had closed a $30 million financing round, bringing their total funding to $47 million. Biocatch acquires, analyses and processes some 2,000 parameters to identify genuine and malicious online activity through continuous behavioural biometrics.

Add to this some of the 2017 speech anti-spoofing innovations such as VoiceGesture, VAuth, Lip Motion Password and VocalZoom from 2017, and we find ourselves at the start of yet another wave of authentication innovations. Only time will tell which ones will survive, morph into other systems, or even fail altogether. One thing is for sure though, and that is we are entering a realm where supreme authentication accuracy is possible with minimal, if any user effort.

Actually, we expect to see an overall improvement in customer experience (CX) due to the reduction, and sometimes elimination of additional user effort or ‘friction’ from authentication-specific tasks in the user process. An interesting observation is that some additional effort has become synonymous with authentication. Consumers have grown to expect inconvenience during authentication; and there are instances in the initial rollout of passive-authentication projects where complaints were received from suspicious consumers who were allowed to transact without having to actively authenticate.

This ‘zero effort’ authentication is made possible through access to an ever-widening set of data elements, cohesively combined from a variety of factors (such as device, network, location, transaction time, value, user identity, biometrics etc.) to determine a risk-based authentication decision. While this strategy is not new, the ability to continually assess the suitability of the authentication based on continuous monitoring of these factors during a single transaction, or across different transactions or channels is what sets this new methodology apart from previous point or task-based methods.



Categories: Intelligent Authentication, Articles, Mobile + Location