Browser ID and ‘Silent Authentication’ Underpin Online Banking Security

With so much focus placed on mobile banking and digital wallets, online transactions are often lost in the mix. While mobile devices have become ubiquitous, conducting transactions via desktop browsers is still an essential channel. And with the move online comes a different variety of fraud and identity theft. Browser-based authentication presents unique challenges, particularly in maintaining a balance between security and user convenience.

Entersekt, a leading company in the financial authentication space, is developing solutions that address these issues. Entersekt Vice President of Product Identity and Authentication Mzukisi Rusi told PYMNTS recently that traditional methods, such as cookies and device fingerprinting, are increasingly restricted due to privacy concerns and regulations enforced by tech giants like Google and Apple. The best authentication, he said, is silent.

“Identifying a returning browser without using cookies or fingerprinting methods, which infringe on privacy, is complex,” Rusi said. “Our approach utilizes cryptographic proof and signatures to uniquely identify devices, ensuring privacy and security.”

In the realm of identity verification, user experience is critical. Active authentication methods, such as entering one-time passwords (OTPs) or biometric verification, although secure, can disrupt the user experience. Entersekt’s solution to this problem is “silent authentication,” a method that works unobtrusively in the background.

“Active authentication requires direct user involvement, like entering an OTP or approving a push notification, which can interrupt the user experience,” Rusi told PYMNTS. “Silent authentication, on the other hand, uses risk assessments and strong signals, like Browser ID, to verify possession without user input. Think of it as an invisible security guard ensuring your identity without needing your constant input.”

Entersekt has patented a unique approach to multifactor authentication (MFA) that enhances both security and user experience. Their Browser ID technology acts as a digital fingerprint for browsers, offering a privacy-friendly alternative to cookies and traditional device fingerprinting.

“Browser ID uses cryptographic signatures to identify a device,” Rusi said. “When challenged, the device silently proves its identity by signing a challenge with a private key. This process is designed to respect user privacy and does not track browsing history or share data across sites.”

Moreover, Browser ID can be combined with other risk signals, such as behavioral biometrics, to enable true MFA even in a completely silent manner. This means users benefit from strict security without any active involvement, achieving a balance between usability and protection.

Roadmap for the Future

Entersekt’s vision for the future revolves around expanding the adoption of Browser ID and enhancing the user experience across various digital channels. The firm is already seeing positive feedback from financial institutions (FIs) in the U.S. that have implemented this technology.

“We’ve rolled out Browser ID to several financial institutions, and the feedback has been overwhelmingly positive,” Rusi said in sharing Entersekt’s roadmap for the future. “Users appreciate being recognized as trusted without needing to repeatedly authenticate. We aim to expand this technology across more channels and continue improving the balance between security and user convenience.”

The broader goal for Entersekt is to ensure compliance with regulatory frameworks, such as PSD2, without compromising on user experience. Rusi notes that his company aims to adhere to regulations like PSD2 by digitally signing transactions on a customer’s device silently, ensuring both integrity and compliance. This results in a secure user experience without additional steps.

For FIs, implementing Entersekt’s Browser ID offers several operational benefits. Reduced fraud rates, improved customer loyalty, and lower costs related to fraud prevention and user authentication are just a few of the advantages.

“Financial institutions benefit from enhanced security, which leads to lower fraud rates and happier customers,” Rusi said. “Additionally, adhering to regulations without compromising user experience can result in stronger customer loyalty. FIs also gain stronger risk signals, allowing them to decide when to actively challenge users and when to allow seamless transactions.”