Authentication & Identity

• Security keys are making headlines because a new generation of biometric security keys is finally starting to hit the market. The biometric keys are landing in a security key market that is already flush with non-biometric options. The new biometric security keys deliver the security benefits of multi-factor authentication without requiring any additional hardware, and while eliminating the inconvenience of passwords. End users get both a biometric scanner and a security key in one convenient package, and have access to two fully passwordless modalities. The result is a strict security upgrade over a non-biometric key.
• A cybercriminal would not be able to use a stolen biometric security key because they would not be able to spoof the biometric scan (at least not without considerable cost and effort), so biometric keys close the one major security gap associated with physical security tokens.  Regardless of the intention, a biometric scan still adds a step to the authentication process. However, that disadvantage disappears if the non-biometric key is being supplemented with an additional authenticator like a password. A biometric scan is usually easier than remembering and typing a string of letters, numbers, and symbols, and a fingerprint cannot be bested with a brute force attack. That makes it more convenient than a traditional key in any situation that requires multi-factor authentication. Biometric keys are a strong authentication option with a solid form factor that provide more security and a better user experience than many of the products currently on the market. 

Read Article

Managing the lifecycle of permissions includes revoking them automatically rather than manually when they’re no longer needed, which would prevent data breaches like Experian’s. Attackers accessed the data through an API running on a version of the Java Struts framework with an unpatched vulnerability. The reason it hadn’t been patched is that it was set up for a competition by somebody who then left the company. An identity inventory would have caught the API access, and lifecycle management would have revoked that once it was no longer needed.That’s what products like CloudKnox promise.Microsoft is selling and supporting the existing CloudKnox products, but there are obvious opportunities to integrate with services like Azure AD and Azure API Management, and to build on the Microsoft Graph. Part of the appeal of CloudKnox is that it covers multiple cloud services—AWS, GCP and VMware as well as Azure—and Microsoft isn’t changing that. It really complements the strengths of Azure AD, where Microsoft is providing end-to-end identity management, especially for human identities.

Read Article

Cloud banking software platform Blend has launched Blend Income Verification, a new product for financial services firms that delivers instant income verification for mortgages and, soon, consumer loans and deposit account opening. The new tool acts as a single income verification provider across banking products and lending scenarios by combining multiple data sources and verification methods, enabling financial services firms to streamline credit risk assessments for all types of consumers. Blend Income Verification is an authorized report supplier for both Fannie Mae’s Desktop Underwriter ® (DU ® ) validation service and Freddie Mac’s asset and income modeler (AIM), allowing financial services firms to easily take advantage of these programs for mortgages they manage through Blend. Additionally, the product will be fully integrated into Blend’s cloud banking platform, enabling customers to rapidly activate and configure the new income verification capabilities across products.

Read Article

Fiserv is enabling financial institutions to build their SMB programs through the launch of a cloud-based, digital lending and credit platform. The latest Fiserv offering, leveraging the Atlas Platform from fintech StreetShares, allows financial institutions to manage the full lending lifecycle from digital document capture, underwriting, offer management and closing – delivering against the expectations of both staff and customers. The platform includes strong analytics capabilities, automated decisioning insights and a streamlined, integrated small business owner hub that makes it easy for financial institutions to make and edit digital loan offers. The Atlas Platform will be integrated with Fiserv core systems beginning in Q4 2021.

Read Article

Equifax has rolled out a new Digital Identity-as-a-Service capability, along with a new partnership with Bonifii as the first to adopt the tool. Equifax’s Digital Identity-as-a-Service puts together data and analytics with modern cryptography, enabling a higher degree of trust without sacrificing the user experience. Bonifii will add it to its MemberPass program, helping credit unions (CUs) onboard members. For consumers, the solution can facilitate more control over the information that’s shared, adds more protection against identity fraud and account hacks, and strengthens user profiles with differentiated data. With Digital Identity-as-a-Service, it’s possible to achieve both with greater identity assurance through optimized technologies.  CUs must interact with members across various channels like websites, mobile apps, call centers, ATMs and branch drive-thrus. With MemberPass, CUs can get better control and verification options, and Bonifii’s technology can assist with digital interactions. Working with Equifax will allow MemberPass to help credit unions have the confidence to grow their businesses by saying ‘yes’ more to good consumers. That is the aspiration of this innovation partnership.

Read Article

Equifax has rolled out a new Digital Identity-as-a-Service capability, along with a new partnership with Bonifii as the first to adopt the tool. Equifax’s Digital Identity-as-a-Service puts together data and analytics with modern cryptography, enabling a higher degree of trust without sacrificing the user experience. Bonifii will add it to its MemberPass program, helping credit unions (CUs) onboard members. For consumers, the solution can facilitate more control over the information that’s shared, adds more protection against identity fraud and account hacks, and strengthens user profiles with differentiated data. With Digital Identity-as-a-Service, it’s possible to achieve both with greater identity assurance through optimized technologies.  CUs must interact with members across various channels like websites, mobile apps, call centers, ATMs and branch drive-thrus. With MemberPass, CUs can get better control and verification options, and Bonifii’s technology can assist with digital interactions. Working with Equifax will allow MemberPass to help credit unions have the confidence to grow their businesses by saying ‘yes’ more to good consumers. That is the aspiration of this innovation partnership.

Read Article

EMV 3DS 2.3 introduces enhancements to increase flexibility for optimising EMV 3DS implementation across multiple channels and devices, help issuers identify fraudulent transactions more quickly and accurately, and streamline the authentication process for consumers to improve the overall payment experience.

Key updates include:

• New Split-SDK model with multiple variants makes it easier to implement EMV 3DS across both traditional and non-traditional e-commerce payment channels and devices, such as smart speakers and other IoT devices.
• EMVCo has collaborated with the World Wide Web Consortium (W3C) and the FIDO Alliance to include support for WebAuthn (Web Authentication) and SPC (Secure Payment Confirmation) that issuers and merchants can use within the EMV 3DS flow to better determine the legitimacy of a transaction in order to reduce the risk of fraud.
• Support for device binding, which enables the consumer to be remembered on their device and can reduce the need for an authentication challenge.
• Automated out-of-band (OOB) transitions, which help the consumer to switch seamlessly between a merchant application and an authentication application.
• Additional recurring transaction data and EMV Payment Token data, which help issuers to better identify the transaction and can simplify the authentication experience for future purchases.

Read Article

Ping Identity has enhanced its PingOne Cloud Platform with new online fraud detection and other intelligent capabilities that strengthen enterprise cloud security while improving the overall user experience. Ping’s comprehensive end-to-end platform services now allow enterprises to take advantage of the industry trend of converging technologies for online fraud detection, identity proofing, and authentication all from a single cloud identity vendor. PingOne+Fraud (formerly SecuredTouch) provides session-based, online fraud detection that detects both automated and manual malicious behavior, without requiring access to PII (Personal Identifiable Information). PingOne Fraud combines real-time behavioral biometrics, navigational analysis, device identification and network signals to detect sophisticated fraud attacks that bypass traditional detection tools and it visually explains to fraud teams where and how they’re being attacked. PingOne Fraud conducts real-time unique session analysis to clearly distinguish legitimate customers from cybercriminals and protects against things like bots, account takeover and new account fraud. It also improves the customer experience by reducing intrusive fraud measures such as CAPTCHA, working behind the scenes to protect organizations without interrupting customer sessions. PingOne Fraud safeguards organizations from losing money by intelligently detecting attacks before the checkout process begins.

Read Article

• BioCatch has launched Age Analysis, a breakthrough account opening protection capability designed to prevent costly forms of financial fraud. This capability allows for a customer-centered fraud prevention solution that is designed to protect vulnerable customers, especially elderly users who are often targeted by cybercriminals, while enabling positive digital experiences.
• The BioCatch solution extracts physical, cognitive, and other age-related characteristics as the user naturally interacts with the account opening application. By continuously monitoring an  account opening session, the BioCatch age analysis solution predicts the user’s approximate  behavioral age and compares it to the declared age on the application. In the event  anomalies are surfaced, the BioCatch risk score will be impacted accordingly.  Some behavioral patterns shift with age, such as the time required to shift from the Control key  to a letter key during data input, mouse click duration, mobile device orientation preferences,  and swipe events. By closely assessing certain age-related factors, the BioCatch solution is further optimized to identify high-risk applications where the declared age is 60+.

Read Article

Cheese, the revolutionary challenger bank and social cause platform, is expanding access to its banking services by offering alternative methods of identification to open an account for customers without social security numbers. As an alternative to sharing a social security number, Cheese will also consider applicants who provide a current visa and valid passport as alternative identification along with a valid established U.S. address. Prospective customers can offer one of the seven valid visas if they do not have a social security number. By using either the Cheese physical or virtual debit card, Cheese users can earn up to 10% cash-back at over 10,000 retailers or restaurants, including many Asian-owned restaurants and businesses. And through its social cause platform, customers are able to be part of a larger movement to support Asian-owned businesses and communities. Any customer may donate their $5 sign up bonus or any portion of their cash back funds to the Cheese Give Back Fund, which gives all its proceeds to organizations and other nonprofits. So far more than $33,000 has been donated by Cheese customers.

Read Article