Whether it’s on mobile or an online browser, users are switching their digital activities between channels more than ever before. But can authentication keep up? Paul Miller, CEO and cofounder of mSIGNIA, joined PYMNTS for a discussion on how its mobile-first approach is making identity verification a cross-platform mainstay.
PYMNTS: For those who are unfamiliar with mSIGNIA, can you tell us a bit about what you do and the solutions you offer?
PM: MSIGNIA provides an app-based security using the data that a user adds to their mobile device, and through digital analytics, we can develop an understanding for how that data changes according to a user’s behavior. It’s more than a digital fingerprint; it’s almost like a digital biometric that allows a payment organization — a bank, a financial institution, health care provider or really whoever created the app — to recognize the user and the device without having to ask for them to put in a password or to enter a biometric. It’s a passive method that makes the access easier and safer.
When you customize and personalize a device, collectively, that data represents who you are, but, more interestingly, that data reacts as you use your device — as you make phone calls, send text messages, make calendar entries, take photos, etc. All the things that you do with your phone, the data that’s on the phone is subsequently going to react to those actions. Most of us are creatures of habit, so not only is the data unique but the way the data changes can be learned by our data analytics system so that the user doesn’t have to be bothered with representing who you are. Instead, the service can actually recognize you and your device. That’s the advantage to being passive and really the magic of a behavioral analytics engine. The initial connection can allow you to be recognized passively, easily, safely so that you can get right into doing the reason why you logged onto the app in the first place.
PYMNTS: One of the interesting aspects of your security solution is that it goes across channels. How important is it for cybersecurity and authentication to be a cross-platform or omnichannel effort in today’s digital landscape?
PM: It’s critical right now. We are in an omnichannel environment, so a user can conduct their business across laptops, PCs, mobile phones, tablets. You never want to deny a user access to the service, so that omnichannel profile is very important. One of the things that we like about the omnichannel is there are data sets that kind of transcend devices; so, for example, if I have one or two mobile phones and I have a tablet and a laptop, a lot of the data that is core to who I am is synchronized across those different devices. Regardless of which channel a user wants to come in on to make a payment, to shop or do their banking, there is going to be some of their digital DNA on the device that we can validate. One of the things that mSIGNIA has come up with as well is this silent push mechanism so that if a user is coming in through on a PC, we can also do an out-of-band validation against their mobile device. But, again, we can do it invisibly or silently. We don’t have to force the user to enter an SMS one-time passcode; instead, we can actually push a message to the app on the device, do our digital biometric assessment and invisible authentication and then compare and contrast the two channels — the mobile phone with the PC — to ensure that the user is actually who they say they are. We like to actually leverage that multichannel availability to provide better security, better in terms of it being safer and easier.
PYMNTS: What new trends or innovations do you see on the horizon in the security and authentication space? How is mSIGNIA helping its customers stay in front of advancing technologies in such a rapidly changing environment?
PM: We are really excited about two industry efforts. We all know that, in the U.S., we finally got chip cards, but with that, the online fraud triples, on average, because it’s harder to do in-person fraud so the fraudsters get bored and move online. EMVCo is out ahead of this in attempting to get a new version of their online payments security, called 3D Secure (3DS). Version 2.0 of the specification will address not only the browser-based payments but also app-based payments and identity and verification for the enrollment of a new customer or new device. We are working with some of the credit card networks to make sure the solution that gets released is mobile-first, that it will work in the mobile environment and leverage the strengths of mobile, even when the user is coming in through a PC browser. It will eliminate that friction that causes shopping cart abandonment but still maintain the security that’s required.
The other innovation point we are involved with is FIDO [Fast IDentity Online]. They are looking at how to make the methods of authentication better so that it scales and doesn’t have the domino effect if someone steals a password. MSIGNIA is a technology member for both those organizations, and we are using our expertise to make sure that the rollouts address the new ecosystem that is mobile, overlay that on PC, but then also make it easy and safe for everybody to use.
PYMNTS: What’s next for mSIGNIA in 2016? Do you have any news or updates you’d like to share?
PM: Data that transcends the device — data that stays consistent even as a user gets new devices or add devices — tends to really represent that user, and the synchronization of that data is significant. In the past, in order for one individual to pretend to be someone else online, they just had to learn a password or go online and social engineer a few knowledge-based authentication questions, but now, when you look at the data that belongs to the user and you look at the data that’s on the new device, if those two data sets aren’t consistent you know you’ve got a problem. That’s called identity verification for the enrollment of a new device and a new user, and it’s a big fundamental need for this industry as we start to digitally enable credit cards.
The credit card, as we know it, will be gone sometime in the future as they tend to migrate into smartphones, but provisioning those credit cards safely and reliably today, as well as tomorrow and into the future, is something that mSIGNIA is working with a lot of interesting groups about. You can expect to see some releases about how to safely provision payment cards but also how to make the access to authentication of those services fast and easy and safe, allowing us to actually accelerate the payment and still keep it invisible to the end user.
mSIGNIA will be among the innovators participating in the Innovator Expo at this year’s Innovation Project, taking place March 16–17 at Harvard University.