For over 50 years, a password and a username have been the fundamental and largely unchanged model for identifying and verifying users – both in the financial sector and beyond. Nevertheless, there are drawbacks to this strategy, which can certainly be seen in the financial sector. Baldeep Dogra, Director of Solutions Marketing at Blackberry, writes

Firstly, employees often prove unable to use usernames and passwords safely enough to protect their data.

Indeed, 94% percent of financial services’ IT managers are not fully confident in the ability of their employees, consultants, and partners to adequately safeguard data.

This was revealed in a survey conducted by BlackBerry of 500 financial services IT professionals across six countries in North America and Europe.

Furthermore, complex and long usernames and passwords are not user-friendly. This leads to an area of tension: how do we balance user experience (UX) with security?

For example, ‘Waiting phrases’ are more secure than the familiar ‘passwords’, but with the advent of mobile devices and apps, user preferences have shifted.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Electronic Payments International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Nowadays, users want fast and practical access – passwords seem too long and impractical

The consequences of these drawbacks can be severe, especially within the financial sector. If safety guidelines are breached and sensitive data is compromised, the company is vulnerable not only to damage from competitors or criminals, but also to violation of GDPR.

This is not to mention considerable damage to its reputation and the subsequent loss of business.

An intelligent answer

Fortunately, an approach is emerging that can take away the concerns: Artificial Intelligence (AI).

The emphasis shifts from recognising usernames and passwords to recognising the user as such. Here, AI techniques are applied to gain insight into how verified users deal with business apps, data and services.

For example, cybersecurity professionals in the financial sector can detect when malicious users or malware attempt to access data.

The different, individual techniques that can all work together to identify users generally fall into two main categories:

– Continuous authentication – Unlike password-based authentication and other two-factor authentication (2FA) techniques, continuous authentication uses techniques to compare the user’s behaviour during each session with existing (learned) models of past behaviour.

Continuous authentication also looks for abnormalities that may indicate that the session has been taken over by an external threat.

These techniques include, for example, biometrics (by looking at typing speed and mouse movements) and transactional behaviour (such as transactions and associated amounts).

– Contextual Awareness – This approach is based on understanding the context of a particular session or transaction and then aligning it with security policies. The security policy performs context-based checks and can then take appropriate action.

This typically includes both the physical (e.g. device/network used, time of day, location, etc.) and transactional contexts (e.g. transferring or recovering amounts).

From the user’s point of view, the great advantage of the above techniques is that they do not need to perform any additional actions to authenticate themselves.

The techniques make automatic and continuous authentication possible. At the same time, it can adapt to the user’s context, while the user concentrates on their work tasks.

For example, less strict authentication is applied when a user is working within a context with a lower risk, such as routine transactions.

Multiple layers

The application of these techniques can lead to a user experience that rarely requires a password.

Authentication is then only requested when the risk of the context is too high.

At the same time, the bar for cybercriminals is considerably higher because they have to navigate through multiple layers of behavioural and contextual risk assessment.

They need to do this continuously, with an increasing degree of control as the transaction risk increases.

Incidentally, this does not mean that implementing these authentication techniques goes without a hitch. For example, changes in apps and services are needed to integrate these new techniques.

This is even more complex than building a login page to collect passwords and send messages.

However, this challenge can be overcome by using a platform-based approach. This is in contrast to an individual approach in which individual apps and services are tackled each time.

In conclusion

Although strong usernames and passwords have long been seen as the best way to protect the financial sector, they are too vulnerable in themselves, especially when it comes to securing the data the sector owns.

Using AI, cybersecurity professionals are working to develop more legitimate authentication techniques tailored to each individual user.

By recognising behaviour instead of log-in data, users can rely more on the security of their finances and data.

This frictionless experience ultimately means the best UX whilst assuring security and privacy and delivering optimised productivity.

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up