Today’s Topic: Security
If there’s one certainty in financial services, it’s that every new service will be accompanied by new ways to commit fraud. The massive proliferation of online and mobile services has led to an equally massive number of attempts at hacking those services. Luckily, those black hats have also spawned a new breed of sentries at the gate. Here are three trends in security to look for at the show:
- Tokenization making moves – What massive hacks like the Target breach have highlighted is the danger in having a single card number that, when breached, can be used with relative impunity until the fraud is discovered. While technology like EMV is great for protecting your physical card, tokenization helps in card-not-present transactions. Tokenization involves substituting a card’s Primary Account Number (PAN) with a unique, randomly generated sequence of numbers, alphanumeric characters, or a combination of a truncated PAN and a random alphanumeric sequence. Tokenization is nothing new, but there are new applications that make it more accessible and easier to implement. Because it stunts the ability of ne’er-do-wells to exploit your information, and spurred on by the growing number of mobile transaction types, this is certainly a technology poised for wider adoption.
Companies to watch:
- Abine (www.abine.com) combines financial, email, and password protection together into their Blur application. With flexible security options, users have the choice of selecting their real card number or a “masked” card number for transactions.
- ProPay (www.propay.com) is a favorite PayPal alternative that offers a whole host of payment services, one of which is tokenization. With a footprint and following in the SMB space, they provide a solution that helps protect data through tokenization and encryption from the transaction through to the merchant information storage.
- SimplyTapp (www.simplytapp.com) is a mobile payments platform that relies on a “virtual secure element in the cloud.” This allows for communication and updating between a user’s digital wallet or banking app and SimplyTapp’s cloud platform, leveraging both Host Card Emulation (HCE) on the device and tokenization for data transfer.
- The PIN becomes passé – There will come a time, likely very soon, when kids will marvel at the fact that their parents had to remember dozens of passwords made up of numbers and letters (sometimes only 4 numbers!) in order to access important things like their money. Led by the fact that everyone now carries a powerful mini-computer equipped with a high resolution camera around in their pocket, alternative methods of identity verification and authentication are making a strong push into the mainstream.
Companies to watch:
- Socure (www.socure.com) introduced their new “Perceive” product at Finovate Fall. The company uses facial recognition to (almost) instantly verify a person’s identity by comparing the face of the person with trusted online and social media profile data to confirm that users are who they say they are.
- EyeVerify (www.eyeverify.com) and their EyePrint ID technology help verify your identity for login and transaction purposes using your 1MP+ camera to “image and pattern match the unique blood vessels in the whites of the eye and other eye-based micro features.” Whoa.
- NuData Security (www.nudata.com) looks at behavior rather than biometrics for its security solution. In a move straight out of “Minority Report”, NuData attempts to highlight the intent of a fraudulent user “before they have a chance to penetrate your website and do damage.”
- VoiceVault (www.voicevault.com) takes yet another angle at passwordless security with voice biometrics which, according to the company, allows for voice e-signatures that are legally binding so your customers can, “Speak on the dotted line.”
- Tying every device to its proper owner – Device manufacturers have done an excellent job of driving the desire for upgrading to the latest and greatest phone or tablet every 12-18 months. As such, there are lots of devices out there and these devices can change owners frequently. For financial companies, this requires a balancing act between ease and convenience for their customers and a certain amount of verification and authentication to protect against fraud (“Please confirm the name of your second cousin’s dentist’s pet parakeet…”). Luckily, there are some security companies that are pioneering better ways to verify which devices belong to which individuals.
Companies to watch:
- Early Warning (www.earlywarning.com) has been a leader in risk mitigation for the major US financial institutions for years, recently adding mobile verification services. Early Warning combines device info and connections to the Mobile Network Operators (MNOs) to create a mobile identifier that “serves as a persistent key that can’t be manipulated and stays with the consumer, throughout their entire U.S. mobile lifecycle, regardless of mobile changes.” (ed. note: Early Warning is a CSTMR client)
- iovation (www.iovation.com) delivers device-based authentication by identifying usage patterns that suggest fraud. The company “flags over 45 types of suspicious behavior” to help uncover hidden associations and other risk factors.
- InAuth (www.inauth.com) is tackling the enterprise market with their SDK, which allows valid devices to connect to a business’s mobile apps, while flagging potential fraudsters. Their solution creates a permanent device ID that can’t be reset or wiped from the device to ensure only approved devices are able to connect.
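The three token formats described in the tokenization trend above (random digits, random alphanumerics, or a truncated PAN plus a random sequence), as an added example that is not from the original post or from any vendor it names. The `TokenVault` class, the format labels, and the rule that numeric tokens must fail the Luhn check are assumptions made for illustration; the card number is a constructed test value.

```python
import secrets
import string

ALNUM = string.ascii_uppercase + string.digits

def luhn_ok(number: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    digits = [int(c) for c in reversed(number)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

class TokenVault:
    """In-memory stand-in for a token vault (hypothetical; a real vault is a
    hardened, access-controlled service and the only place the PAN is stored)."""

    def __init__(self):
        self._by_token = {}   # token -> PAN
        self._by_pan = {}     # (PAN, format) -> token, so repeats reuse a token

    def _candidate(self, pan: str, fmt: str) -> str:
        if fmt == "numeric":      # random digits, same length as the PAN
            return "".join(secrets.choice(string.digits) for _ in pan)
        if fmt == "alnum":        # random alphanumeric sequence
            return "".join(secrets.choice(ALNUM) for _ in pan)
        if fmt == "truncated":    # keep last four digits, randomize the rest
            return "".join(secrets.choice(ALNUM) for _ in pan[:-4]) + pan[-4:]
        raise ValueError("unknown token format")

    def tokenize(self, pan: str, fmt: str = "numeric") -> str:
        valid = pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19
        if not (valid and luhn_ok(pan)):
            raise ValueError("not a valid PAN")
        if (pan, fmt) in self._by_pan:
            return self._by_pan[(pan, fmt)]
        while True:
            token = self._candidate(pan, fmt)
            # Assumption: all-digit tokens must fail Luhn so they can never
            # be mistaken for, or collide with, a live card number.
            if token in self._by_token or (token.isdigit() and luhn_ok(token)):
                continue
            break
        self._by_token[token] = pan
        self._by_pan[(pan, fmt)] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can map a token back to the PAN."""
        return self._by_token[token]

TEST_PAN = "4111111111111111"  # constructed test number, not a real card
```

A stolen token reveals nothing about the PAN without access to the vault, which is the property the trend description relies on.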
That concludes our “Trends for Money 20/20: Security.” Our next and final installment will include a roundup of companies that we think are doing cool stuff that will be at the show. If you know of any companies or technologies that we should check out, let us know!
Interested in discussing these or any other financial services or marketing topics in person at the conference? Contact me to set up a time. See you there!