March 18, 2021
Multi-Factor Authentication (MFA) is a key requirement in ensuring a safe and secure transaction in the digital world. It’s defined as an electronic authentication method in which an event is verified only after successfully presenting two or more factors of authentication mechanism evidence. The factors are as follows:
Most industry-wide strong authentication guidelines such as the National Institute of Standards and Technology’s (NIST) guidelines in the US or PSD2 SCA (strong customer authentication) rules in the EU follow the above guidelines or even mandate at least two of the above three factors be satisfied prior to the approval of high-risk events.
Currently, the use of MFA in online banking, payments, and other high-risk events relies heavily on SMS or voice one-time passcodes (OTPs). The usage of SMS as a delivery channel has multiple benefits: device- and network-agnostic, customer usage ease, organization administration ease, and database addition of telephone numbers.
Despite these benefits, OTPs have their drawbacks. They are vulnerable to man-in-the-middle attacks and can be compromised by SIM-swap fraud. A study by Prove, which analyzed over 385,000 SMS and voice OTP-based transactions across industries, found that 5% of them had low SIM tenure, indicating a high possibility of a recent SIM swap or an account takeover.
This issue is not just confined to the US; it is a global one.
With a rise in SIM-swap and man-in-the-middle attacks, strengthening OTP is critical for companies that want to continue using it as a multi-factor authentication method. Factors such as length of the OTP, expiration period, delivery channel, and dynamic linking are important attributes to ensure safe usage of these one-time tokens.
Here are some methods that can help fortify MFA:
Apart from significantly reducing identity theft, advanced solutions in identity proofing and authentication deliver revenue and operational upsides such as better consumer experience, enhanced exception management, and lower cost of fraud management.
The COVID-19 pandemic has accelerated the pace of digital transformation across industries. However, it has also opened the door for bad actors to take advantage of weak security implementations. Companies need to look beyond traditional methods and adopt solutions that fortify existing authentication practices to fend off improvised identity takeover fraud.
Read and learn about FinTech topics you are interested in.