Authlogics for Retail Banking
The retail banking industry uses a variety of methods to authenticate their customers; they vary from a simple username and password through to dedicated biometric hardware solutions. However, a quick Google search for banking hacks will show that, despite all the money spent on these security solutions and authentication systems, the bad guys are still winning.
On the other side of the security battle is the unfortunate banking customer. The customer is bombarded with jargon, technology, tools and hardware, seeing these as barriers to getting their online banking done quickly and efficiently. Unfortunately, they must contend with different authentication methods depending on how they engage with their bank. There are often totally different ways to prove who you are depending on whether you’re in a branch, in a shop, on the phone, on the web or in an app – why does it have to be so complicated, especially when the security doesn’t work that well anyway?
Authlogics for Retail Banking offers a single simple way to authenticate a customer in any situation, be it Internet Banking, Mobile Banking, ATMs, Point of Sale, Telephone Banking, in Branch or for securing bank statements. The key behind Authlogics for Retail Banking is the patented PINgrid technology, which combines high levels of security with simplicity in any scenario.
Today a customer has to register for separate services, e.g. Internet Banking, Mobile Banking, Telephone Banking – and they all use different security systems. PINgrid provides consistency for the customer as they use the same logon method in every scenario. They no longer need to remember passwords or PINs, and they don’t need cumbersome dedicated hardware. PINgrid provides a simple gateway to getting things done safely, not a barrier.
Time is money, yet proving who you are to a bank today is not quick. Call center hold queues and juggling the myriad of passwords, codes, PINs and dongles slow down the process of simply getting on with banking for customers. Many of these systems add little real-world security, yet they certainly slow things down and frustrate people.
Free your customers from needing to remember or replace their passwords and PINs ever again. Passwords and PINs are known to be highly insecure, yet they are still very widely used. They constantly need resetting, adding to customer frustration, and are continuously being compromised by malware, key loggers and phishing attacks. PINgrid eliminates the password problem entirely by simply not using them at all.
Many banks today have different logon systems for in the branch, on the phone, on the Web and in an App. Managing these separate logon systems for different customer points of entry is an expensive exercise with staff and system duplication. Using a single system, such as PINgrid, across all mediums streamlines the operational process and provides a consistent level of security.
Happy customers make loyal customers. With the high cost of customer acquisition, focusing on customer retention is critical. Providing a consistent way for a customer to prove who they are, regardless of whether they are on the phone, Web or App, will improve customer satisfaction and reduce frustration; this in turn will also attract new customers.
Retail Banking fraud is at an all-time high and bringing down the losses due to fraud has obvious financial benefits. Lots of money is already being spent on complex systems to reduce fraud with limited / mixed success.
Forget the days of complex web browser based logons where customers are forced to jump through hoops just to check their bank balance. No more passwords, hardware tokens, card readers or SMS messages that arrive 15 mins too late. The following are scenario walk-throughs with task risk levels:
- Low risk task – PINgrid 1.5 Factor Authentication (pattern only) can be used by itself to simply check your account balance, or see if your pay check has cleared.
- Medium risk task – If you then want to download a statement or pay your rent simply step up to PINgrid 2 Factor via the offline Mobile Banking app.
- High risk – Now if you need to pay somebody new, or authorise a large transfer for a new car, then jump to PINgrid 3 Factor and sign the transaction.
The combination of PINgrid 1.5, 2 & 3 Factor transaction signing technology provides risk appropriate security no matter the task at hand. From the customer’s point of view all these tasks appear to be the same level of complexity – or simplicity; after all, why should banking customers be expected to be security experts?
Other Use Case Scenarios
Authlogics provides 3 Factors of authentication in one.
- Something you know: A PINgrid Pattern.
- Something you have: A registered mobile device running a banking app.
- Something you are doing: Adding a payee or transferring a large amount of money.
Customers are blissfully unaware that all this is going on for their protection and they can just go about their business. The Authlogics for Retail Banking solution covers many areas; however, these specific use case scenarios are key to showing how PINgrid in particular adds real benefits.
In the smart device age, why should banking apps be treated as a second-class citizen to Internet banking via a Web Browser?
A mobile banking app today can be two solutions in one. Not only can it be an offline 2 & 3 Factor soft token, but it can also be a secure window into your account with built in authentication to securely do everything you could do via a browser – with step-up authentication built right into it.
As PINgrid can be built directly into a mobile app, it can also provide offline authentication to Internet or Telephone banking. When online, it can authenticate the user directly into full service banking with a consistent user experience.
Point of Sale Devices
Much like ATMs, Point of Sale (POS) devices in most of the world now require “Chip & PIN” (EMV) to approve payments in stores. The same 4 digit PIN is used everywhere and typed into more untrusted devices than ever. The PIN you enter is captured by the drug store CCTV camera and watched by the Kwiki Mart sales assistant. Your PIN is simply not safe anymore.
With more and more POS devices now sporting large colour screens, these can be used with PINgrid to produce a One Time Code; no more 4 digit PIN, so you don’t need to worry about who is watching anymore.
Secure Bank Statements
Financial information is very private and every measure should be taken to ensure it stays that way. With a gradual move from paper-based statements to electronic statements more should be done to protect the data in a bank statement.
With Authlogics, every PDF bank statement can be encrypted with a One Time Code using PINgrid. This ensures that the data is encrypted at all times no matter where it is downloaded to or which email account it gets sent to. Furthermore, the customer uses the same pattern they use everywhere else with no passwords in sight, and they can still view their statements on any device.
A watermark can also be placed inside the PDF document, so when opened or printed, it can actually be used as a physical 2FA token for over the phone enquiries even if the customer does not have their mobile App with them.
ATM / Cash Machines
The 4 digit PIN has been the security standard since the first ATM card. Not only is it yet another code for a customer to remember (and never change), its 10,000 combinations hardly provide a high level of security. Theft of PIN codes from ATMs is rife, with methods from fake ATM keypads to pinhole cameras being used to capture codes. The cards themselves are compromised by card skimmers cunningly attached to the ATM and the details are later used to create a clone of the real card. The captured PINs together with cloned cards result in theft from your account from halfway around the world within minutes.
But what if you didn’t use a fixed 4 digit PIN at a cash machine ever again? PINgrid can be used with existing cash machine hardware and software to free us from the burden of the 4 digit PIN code and thwart this attack once and for all. Cash machines can also be backwards compatible for other customers who are not lucky enough to be protected by PINgrid by their bank.
Even with all of the technology available today, sometimes you just need to talk to a human being. However, once you eventually get through, it seems to take even longer to convince the person on the phone that you are who you say you are than it does to resolve your query.
You end up answering a bunch of generic questions anyone could find the answers to on Social Media, or spelling out your favourite football team on your fingers to find the 7th and 12th letter, and telling everybody in the office your date of birth only to find you spelt it wrong in your haste. You may even find that you aren’t even registered for “telephone banking” so you can’t even use the service, but you can get forms posted out to you which doesn’t exactly help at the time.
Imagine if you could simply open the offline Mobile Banking App on your phone, read out a One Time Code to the operator and then get on with your enquiry. This would significantly cut time spent on the phone, cut helpdesk costs for the bank, and make much happier customers – all with higher levels of security.
Have you ever tried to visit your branch without your bank card or ID? How do you prove who you are? Even if you have your ID, how sure is the bank clerk that it’s not a fake ID?
If you can now securely prove who you are over the Internet or the phone, why should being physically in a branch be any different? PINgrid in branch gives the teller clerk assurance that you are who you say you are, and means that the customer doesn’t need to carry an ID or plastic card with them.