This year the theme of the RSA Conference in San Francisco was “The Human Element.” Accordingly, presentation topics and vendor collateral featured GDPR (General Data Privacy Regulations), MFA (Multifactor Authentication) and behavioral biometrics. This is a major departure from past years, when only a smattering of session topics wandered outside RSA’s core topics of cryptography, cybersecurity and data breaches.

RSA’s CEO Rohit Gai summarized the shift in focus very well in his opening keynote by explaining, “The story we want is a business story of cyber resilience, not a technical story of cyber ping pong.” Rather than focusing attention on the constant battle between hackers and their opponents, Gai urged attendees to turn their attention to the impact on end-users. This big tent approach highlights companies whose solutions gauge the impact of security technologies on user experience (UX) and, in the context of e-commerce, customer experience (CX).

Reintroducing IAuth

Innovations that foster easy establishment of trusted links between brands and their customers over digital networks and devices are of special interest. This includes single-sign on, continuous multi-factor authentication, behavioral biometrics and anomoly detection other innovations that Opus Research places into the category of Intelligent Authentication (IAuth).

As a refresher, “IAuth”, Opus Research coined the term in 2018 to describe technologies and processes that support “secure, trusted, friction-free commerce. They simplify the steps that individual shoppers or customers have to take in order to assure their banks or other businesses that they are who they claim to be. Opus Research’s interest in IAuth grew out of early research into the role Voice Biometrics could play in simplifying user authentication in the course of a phone call.

Contact Centers Remain the Epicenter for Fraud

RSAC is, by no means, a Contact Center showcase. Nonetheless, solutions that addressed the vulnerability of contact center agents to social engineering abound.

Pindrop used the event to introduce of Deep Voice 3 which leverages the use of Deep Neural Networking in conjunction with voice processing and analysis of metadata that accompanies phone calls to shorten the time it takes to authenticate an incoming caller and identify known fraudsters. As a heads-up, Pindrop’s co-founder and CEO Vijay Balasubramaniyan noted that the company has made significant investment and advancement in detecting synthetic voices as part of a major effort to thwart fraud that arises from so-called “deep fakes”.

Nuance Communications made its first appearance as an exhibitor at RSAC2020 to showcase Gatekeeper, a software platform that uses biometric factors and artificial intelligence to authenticate callers and identify fraudsters. For Nuance, exhibiting at RSA provided an opportunity to tout leadership in terms of the hundreds of millions of individuals who had registered their voiceprints to enable rapid authentication by banks and financial service companies and to show how Gatekeeper leverages its experience and product offerings to support fraud loss reduction and strong, simple authentication across multiple channels, including messaging and chat.

Next Caller – Another noteworthy exhibitor that showcased its technology for detecting and deflecting contact center fraud is Next Caller. Its flagship service, Vericall, analyzes the threat level that an incoming call poses based on data or metadata associated with the originating phone number. It can perform the analysis before an IVR is pressed into service to determine the purpose of a call, or it can be done in the course of a conversation with a speech-enabled IVR. The analysis is done “in the background” and can replace SMS-based one-time passwords which are often employed to give a brand confidence that a mobile number has not been spoofed.

Making Smartphones the Front Line For IAuth

As eCommerce goes omnichannel or optichannel, smartphones have assumed their role as the front line for IAuth. These two firms, who attended or exhibited at RSAC2020, illustrate three different approaches to supporting strong, continuous authentication or fraud detection among the smartphone community.

Nok Nok Labs – Long the principal technology provider behind the FIDO Alliance (FastIDOnline) and its efforts around “passwordless multifactor authentication”, Nok Nok Labs used RSA as a venue to showcase new software and firmware to authenticate through the tens of billions of smart endpoints comprising the Internet of Things (IoT). Rolf Lindemann, Nok Nok’s Vice President of Products, showed how the company had successfully deprecated the use of passwords through mobile browsers (especially now that Apple has joined the board of the FIDO Alliance) and now stood ready to support effortless authentication through smart watches, wearables, smart speakers and chatbots.

Payfone – This New York-based company founded in 2008 provides what it calls “holistic identity authentication” in real time for calls originating from mobile phones. It is a very low-latency service that is able to capture data emanating from mobile devices and assign a trust score based on anonymized data compiled from a multiplicity of carriers.

Adding  Factors, Use Cases and Deep Learning

The next frontier for IAuth is to expand its horizon of use cases, and the biometric factors used to provide strong authentication. We’ll close this post with a description of the efforts of Biocatch a company that, ostensibly, focuses on behavioral authentication. It has successfully applied its technology to prevent three of the most common forms of fraud: Account Opening, Account Take Over and “social engineering voice scams” where fraudsters impersonate officials to convince users to transfer money via digital channels to fraudster bank accounts.

Its core technology is able to detect a fraudster by observing such behavior as the speed at which they answer questions or type responses into a form. Imposters or fraudsters follow known patterns (like entering certain info by rote while pausing to look up other information) that expose them as criminals. With its recent acquisition of AimBrain it Biocatch will be adding more machine learning and deep neural networking to its antifraud arsenal.

Convenience, Speed and Trust

There are three attributes that IAuth solution providers display. They operate in the background to ensure security without interfering with an individual accomplishing his or her overall objectives. They exhibit very low-latencies so that those objectives can be accomplished quickly. Yet the promote trust by promising brands that they are able to detect fraudsters with high degree of accuracy and, conversely, offering assurances to customers or prospects that their personal data is protected.

It was gratifying to see some of the leaders in IAuth showcasing their wares at RSAC.

Categories: Intelligent Authentication, Articles