Frictionless authentication: Ensuring digital identification processes remain seamless and secure
Guest post by Dr. Mohamed Lazzouni, Chief Technology Officer, Aware, Inc.
As COVID-19 continues to accelerate digital transformation and more applications move online, many industries have begun integrating biometric digital identification procedures when onboarding new and current users. In doing so, authentication and authorization play increasingly critical roles in protecting vital information. Fraud and data breaches continue to pose threats to industries across the board, so consumers and network operators are now demanding higher levels of security. At the same time, 73 percent of consumers said difficulty opening a new digital account would be a deal breaker for them when deciding between services, stating that most often, they would opt for another service if one did not meet expectations.
This has created a balancing act for security firms trying to provide the right levels of frictionless authentication that satisfy both users looking for simplicity and those charged with protecting personal information. To help organizations and consumers prioritize identification, authentication and verification solutions that ensure security while remaining frictionless, it’s important to understand the role biometrics plays in this process, the need in preventing complex security procedures, and the value of ensuring ease-of-use for end-users. Let’s explore these fundamentals in more detail.
Understand the role of biometrics in securing digital identification
In accelerating digital identification processes, industries have put emphasis on passwordless approaches when onboarding and managing consumer accounts. A key component to a passwordless approach is the use of behavioral and physical biometric authentication, which generally involves multiple systems working together, incorporating biometrics with consent from the user. Behavioral biometrics relates to the identifying and measurement of patterns in human activities. Physical biometrics leverages physiological features on the human body to authenticate user identity.
Both physical and behavioral biometric attributes are hard to spoof or fake, which ensures an extremely high level of security for the user. These biometric data tableaus cannot be forgotten, and are nearly impossible to spoof, so they provide far more security than conventional username/password systems. Through factors like speaker recognition, facial recognition, fingerprints, heart rate scans or retina scans, as well as using artificial intelligence to identify body movements or behavior, service providers can easily adapt onboarding processes to support new methods of authentication.
Prevent unnecessary steps in digital onboarding processes
How serious vendors are in adopting services that meet frictionless authentication expectations – and how much compromise both users and vendors are willing to make – will say a lot about the future of commerce and security itself. Vendors want to avoid complex integration processes, which hinders their willingness to change or update onboarding processes already in place. Difficult-to-follow new business models will add obstacles in securing identity that vendors don’t want to take the responsibility of safeguarding. Because of this, vendors are more likely to stay within the walls of traditional multi-factor authentication (MFA).
At the same time, users want convenience and they have little patience when hurdles are thrown up in front of them. This is why the username/password combination has become both the weakest link in the protective chain and consumers’ least preferred authentication alternative. While MFA aids in securing passwords, it lacks the flexibility users look for, so the steps it requires to ensure protection can turn users away from leveraging the added layer of security. This ends up leaving them vulnerable to a whole host of risks and susceptibilities. On top of user resistance, the biggest source of friction – and theft – in the authentication process continues to be passwords, which has become much easier for hackers to guess passwords (currently accounts for 80 percent of all data breaches). This comes down to the fact that users hate password programs that require long, complicated nomenclatures and so they defer to simple password schemes. This is largely due to the fact that they have to remember an average of 27 passwords.
Ensure customer experiences remain simple and secure with frictionless authentication
Onboarding and authentication processes will continue to be a balancing act for decision makers. On one side, consumers expect little to no friction when it comes to their user experience. Yet, IT leaders want to ensure that the user on the other end is in fact the person that they are claiming to be. When applied correctly, biometrics can increase security without adding more steps or crippling the current experience and can provide modern authentication that IT leaders and consumers are both looking for.
By placing strategic emphasis on offering consumers flexible approaches to their biometric authentication needs, it ensures that regardless of the implementation a customer chooses – server-centric, browser-based or on-device – they have the ability to balance passwordless security with convenient usability. By doing so, organizations avoid impacting the freedoms and benefits gained in mobility which solutions that ensure the device on which the identification and onboarding is done is not fixed or tethered. At the same time, vendors benefit from this flexibility with compelling business models and seamless integration that work with leading identity and access management platforms already in place.
Most importantly, ensuring that the biometrics system in place aligns with the level of security the personally identifiable information (PII) in question requires allows organizations to deploy different methods of authentication based on specific levels of risk. Gartner predicts that by 2022, 70 percent of organizations will be using biometric authentication for employees via smartphone apps, up from single-digit percentages in 2018. Moving toward a frictionless authentication process allows users and network operators the ability to choose the authentication methods they’re most comfortable with. Integrating biometrics into those methods will provide the balance users and enterprises crave.
About the author
Dr. Mohamed Lazzouni has been Aware’s Chief Technology Officer since November 2019, and currently serves as a board member of Epochal Technologies, Inc., a provider of demographic data solutions. Prior to joining Aware, Dr. Lazzouni served as President and CEO of Epochal Technologies, Inc. from August 2018 to November 2019; President of the Anti-Counterfeiting Business and Chief Operating Officer at Authentix, Inc., a provider of authentication solutions, from 2013 to 2018; Chief Technology Officer and Senior Vice President of MorphoTrust USA, LLC, a provider of identity assurance solutions, from 2006 to 2013; and as Chief Technology Officer and Senior Vice President of Viisage Technology, Inc., a provider of identity verification technology, from 2001 to 2006. Dr. Lazzouni received his Ph.D. in Physics from the University of Oxford, his Master’s degree in Physics from the University of London, and his Bachelor of Science degree in Physics from Badji Mokhtar University, Annaba (UBMA).
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.