Updated: Dec 7, 2021
In 2020, the main reasons for hacking were the desire to make money, learn techniques, and have fun. For users, on the other hand, a hacking attack is a nightmare: data or money loss, fraudulent actions, and even the threat of legal liability for actions you didn't commit.
Protecting personal accounts and identifying users accurately matter to businesses no less than to individuals, for the reasons above at the very least. Today we invite you to climb the stairs of authentication and consider its different methods, from simple password-based login to the complicated KYC process in banks.
Are you ready for the journey?
What Are the Different Techniques You Can Use to Authenticate a User?
If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people's accounts. If they know there's a key hidden somewhere, they won't stop until they find it.
Tim Cook, CEO of Apple Inc.
Customer identification procedures differ, and their complexity determines their reliability. In some cases, you only need to enter a password to log in. In others, you have to provide all your personal data and biological materials for scanning. Let's consider the most popular authentication methods and determine which businesses they suit.
Password-based authentication. It combines traditional identification via login (email, phone number, or user name) with authentication via password. For the login, Jira uses a user name, while Facebook uses a phone number or email.
Recently JEVERA's specialists developed a contact center module for a large retailer with an audience of 27 million. It provides access to a personal account using a login and password.
This method of authentication is suitable for almost any type of business, but it can hardly be called completely safe. Automatically saved login data and one password reused across several personal accounts can lead to unauthorized entry. Therefore, fintech companies, banks, and other enterprises handling sensitive data try not to use traditional authentication.
Third-Party Authentication. For user convenience, businesses often offer authentication via Facebook, LinkedIn, or Gmail. The systems are integrated with these social networks and share data with them: one system trusts the other to have authenticated the client correctly. As a result, customers do not need to remember separate identification and authentication data.
You encounter this type of authentication when creating an Airbnb account or subscribing to your favorite periodical. It, too, is difficult to call completely safe: a third-party service cannot always guarantee 100% correct information about the user.
Barcode Scan Authentication. This procedure requires a physical medium (for example, a plastic card) carrying a barcode, which you scan to enter the system. Retailers often use it to give employees access to internal systems. You can also see it when presenting a discount card at the checkout: scanning it immediately lets the cashier identify the bearer.
A fascinating example of how barcode scan authentication works is receiving free Wi-Fi at Istanbul Airport. To access the service, a passenger needs to scan a passport.
Multi-Factor Authentication. You enter your email and password first and then confirm your identity by entering a code sent to your email or phone. But sometimes, it is not compulsory.
If you already have access from your smartphone and need to log in from a laptop, the second level looks like this: the system sends a notification to your smartphone saying that somebody wants to log in from a laptop. If it's you, press the confirmation button and get access.
Multi-factor authentication is considered one of the most secure methods. According to ResearchAndMarkets, its market value was over $10.5 billion in 2020 and will grow to $28.3 billion by 2026. Companies use this method to recognize employees and grant them access to corporate accounts. Banks also prefer it for safety.
Authentication via an invitation email. There are even more secure ways of recognizing identity, such as this one. Here, identification occurs through the administrator, who emails you an invitation containing a link to a dialog box. You need to click on the link and then enter your password to get to your account.
It is used by enterprises where user identification significantly affects service provision. Our next client was one of them: it provides software update services for more than 1 million smart houses around the world. A user cannot enter the personal account without the administrator's participation, which makes entry more complicated.
Despite its advantages, this method is not entirely familiar and convenient for customers. It can negatively impact the user experience.
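The invitation link described above is only as strong as the token inside it. The following added example (not code from the article or from JEVERA) shows one way to issue and redeem such a token so that it is tamper-proof, expiring, and single-use; the class name, token layout, and 72-hour validity are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time

INVITE_TTL_SECONDS = 72 * 3600  # assumed validity window for an invitation


class InviteService:
    def __init__(self, signing_key, clock=time.time):
        self._key = signing_key      # server-side secret, never sent to users
        self._clock = clock
        self._redeemed = set()       # invite ids that were already used

    def _sign(self, payload):
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def create(self, email):
        """Called by the administrator; returns the token to put in the link."""
        if "|" in email:
            raise ValueError("separator character not allowed in email")
        invite_id = secrets.token_hex(16)
        expires = int(self._clock()) + INVITE_TTL_SECONDS
        payload = f"{invite_id}|{email.lower()}|{expires}".encode()
        body = base64.urlsafe_b64encode(payload).decode()
        return f"{body}.{self._sign(payload)}"

    def redeem(self, token):
        """Return the invited email if the token is valid, otherwise None."""
        try:
            body, sig = token.split(".")
            payload = base64.urlsafe_b64decode(body.encode())
        except ValueError:  # wrong shape or bad base64
            return None
        # Check the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig.encode(), self._sign(payload).encode()):
            return None
        invite_id, email, expires = payload.decode().split("|")
        if self._clock() > int(expires) or invite_id in self._redeemed:
            return None
        self._redeemed.add(invite_id)  # single use: the link dies after one click
        return email  # the caller now lets this user set or enter a password
```

Binding the invited email into the signed payload means the link cannot be edited to open an account for a different address.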
Biometric authentication. It confirms the client's identity by scanning biological characteristics: fingerprint, retina, or voice. According to Forrester, in 2020 more than 60% of global security respondents plan to expand biometric authentication usage. Device manufacturers prefer it to ensure the highest level of data security. Banking-sector companies use it to conduct advanced know-your-customer (KYC) procedures.
In any case, even such a complex authentication method is not 100% accurate. Michael Muscat, Senior Vice President of Product Development Services at CPSI, once said:
We are giving away too much biometric data. If a bad guy wants your biometric data, remember this: he doesn't need your actual fingerprint, just the data that represents your fingerprint. That will be unique, one of a kind.
What Is KYC Verification?
This type of identification is so complex that we decided to devote a whole section to it. And so, first things first.
What is the KYC process? KYC, or Know Your Customer, is a series of procedures carried out as part of risk management to ensure safe cooperation. There are two types of KYC activities:
those that precede the start of cooperation
those that are carried out periodically during the cooperation
Based on an analysis of the data obtained, a company determines risk profiles. Private-sector companies often maintain KYC compliance. For example, audit giant KPMG signs a contract for service provision only after careful verification that lasts 1-2 business weeks. It is mandatory according to internal company policies.
How is KYC conducted? For some industries, like banking, KYC is a regulatory requirement. It prevents online fraud and financial crimes. Let's consider what the KYC process looks like, taking banking activity as an example.
Stage 1. Collecting personal information from customers. At this stage banks must conduct a customer identification program (CIP), an integral part of KYC, and check the data provided by the client. According to 31 CFR § 1020.220, banks must verify the following information: name, date of birth, address, and ID number. Bank employees must check it carefully and keep it highly secure.
Stage 2. Supporting document provision. A client has to provide a bank with a copy of his/her passport, ID card, or any other document confirming his/her identity and taxpayer status, as well as a credit/debit card.
Stage 3. Comparison of the data found about the client with the information and documents provided by the client. Here a bank must ensure that a customer has provided the correct information.
Sometimes KYC procedures are performed manually, but this method is inefficient and unsafe. Banks should understand the high risk of employee mistakes. Banking institutions now widely use Anti Money Laundering solutions with automated KYC procedures. According to the recent G2 ranking, the best software examples for these purposes in 2021 are Sanction Scanner, DueDil, Refinitiv World-Check Risk Intelligence, and Encompass.