Entrust Datacard building out continuous authentication capabilities
The ability to continuously authenticate a user during a session is a major opportunity for financial and banking companies with mobile customers, says Entrust Datacard global vice-president of authentication Ryan Zlockie. Entrust Datacard will make announcements related to continuous authentication at RSA 2017 and in March, the later related to biometrics, Zlockie told Biometric Update in an exclusive interview.
“A lot of things are changing with the banks, that are really putting authentication even more front and center,” Zlockie says.
As banking changes to an omnichannel, self-service, digital user experience, the importance of maintaining security for the duration of a session is moving the industry away from event-based security. Financial companies are turning instead to continuous authentication, which Zlockie says Entrust Datacard is strongly positioned to help them do, having built a solution based on its proprietary adaptive analytics engine.
Entrust Datacard collects data from as wide a range of source as possible, including behavioral biometrics, device identification, and others, including other biometrics. The approach allows unusual usage to trigger a step-up of security measures, including requests for user authentication, while reducing their need when the balance of factors indicates that the session is secure and low-risk.
“Behavioral is typically thrown out there for continuous. For us, behavioral is not only a continuous play. It’s also for whenever we want to do any type of repudiation, when we use a very strong credential form, to climb up with some behavioral stuff leading up to that. That gives you your most secure transaction.”
Zlockie says that continuous authentication alters the balance can be achieved with between strong security and user experience. “Now you can push strong security down to the masses without making them feel like they’re productivity’s being impacted by security.”
This not only improves user experience, it provides defense against man-in-the-middle style attacks, or use of stolen credentials, which remain one of the main attack vectors for costly security breaches.
Entrust Datacard uses fingerprint as its strong mode of verification for continuous authentication currently, but Zlockie is bullish on the potential of facial and particularly iris recognition.
“It’s not about single factor versus multifactor. That’s a dated conversation. We should be moving into the world of the right user experience, using pattern analysis and biometrics. Face recognition could have a place in continuous eventually, because you can do it behind the scenes and still have it be transparent to the user, although it’s not in the mainstream of continuous conversations today.”
Entrust Datacard provides the adaptive engine that powers its continuous authentication service, and is focused on integrating the technology seamlessly with customers’ applications, while technology specific to biometrics is provided by its partners. “Our biometric partners are a key strategic area of our solution,” Zlockie says. He also reveals that the company will make an announcement in March related to the biometric technology backing its continuous authentication.
While that may involve facial or iris recognition, Zlockie says Entrust Datacard is also continuing to build on its behavioral capabilities.
Entrust Datacard is positioned to secure mobile banking and other security-conscious markets by moving from security based on static events, rules, and policies to continuous security leveraging the new predictive and self-learning powers of advanced computing. The company’s upcoming announcements could move continuous authentication closer to mainstream security practice, significantly impacting companies delivering mobile services, along with potential partners in the biometrics industry.