Secure Your Online Transactions
By Shekhar Kirani
India, Dec 24, 2008 1200 hrs IST

The Passive-Active Approach to Consumer Security for Financial Services With immediate access to information to help make timely decisions, today's consumers live more of their lives online than ever. For financial services firms, the online channel means increased opportunities to service these consumers who live their lives online. It also means increased risks, such as phishing, identity theft, online fraud, etc. And therein lies the challenge: combating fraud while maintaining customer satisfaction. Security must be seen to enhance - not inhibit - the online customer experience. Both a Passive and an Active approach are required to address financial services customer needs, building confidence, protecting the customer, while maintaining a positive online experience. Passive security happens in the back end and is not visible to consumers. Active security is visible to consumers and comes in the form of a stronger authentication via two-factor authentication credentials. Together, they are the one-two punch that helps to reduce fraud. Passive Security: Out of Site, Out of (Consumers') Mind Passive security solutions, also referred to as fraud detection solutions, build consumer confidence through a seamless and undisturbed experience with a financial services provider. Sophisticated fraud detection solutions monitor both online and telephone activity, and the system intervenes when any unusual activity is detected. Fraud detection solutions feature behavioral intelligence, which "learn" consumers' behavior patterns such as the time of day the consumer usually accesses the account, from which computer or phone, the amount of the transaction, usage patterns etc. If an anomaly in consumers' normal behavior pattern is detected, the system will intervene and require additional steps to validate the transaction such as a challenge/response question, phone call, a text message to the mobile phone on user profile to confirm a security code, etc. Security can also be enhanced by the sharing of threat intelligence/knowledge of different sources of fraud across a network. Thus, it is important to be part of an intelligence network that continually learns new sources of fraud attacks to better protect consumers. Active Security: Putting security into consumers' hands Active security positively impacts the consumer perception of the integrity of transactions with a tangible extra layer of security. Most common active security solutions come in the form of consumer authentication via usage of one-time passwords (OTP). OTP can be generated using credentials with different form factors such as tokens, credit card size and application on mobile phones or SMS-enabled mobile phones. The consumer carries this credential with them to use on sites requiring strong authentication. Consumers feel empowered with a second factor of authentication in that they're taking the extra step toward stronger authentication, thus further protecting their online identities. Although OTP technology has been around for over 10 years, it has now finally reached a tipping point in terms of consumer adoption, thanks to new delivery models such as authentication networks. Authentication networks are provided via a software-as-a-service delivery model, which is extremely scalable and quite cost effective for organizations because there is no infrastructure to maintain. For consumers, authentication networks can be compared to an ATM network, where an ATM machine will accept cards from all participants within that network. In other words, consumers can use a single credential to strongly authenticate themselves across any Web site that is part of a particular credential network. Leading online businesses around the world have taken an active approach to security, providing customers with an additional visible layer of protection that goes beyond the standard secure log-ins. These businesses include several banking and financial services firms as well as public sector organizations, leading ecommerce firms, and a plethora of other online entities. What's more, many of these online businesses have gone a step further to provide both passive and active security. The passive-active approach to consumer security addresses the needs of consumers and unique differentiation opportunities for financial services firms. Together, the dual-action solutions create positive service experiences for consumers that helps set a financial institution apart from others. The author is vice president, Verisign India