Copyright: scyther5 / 123RF Stock Photo
Mobile devices aren't just convenient; they offer advanced security solutions to help protect against identity theft, fraud, and account takeovers. Learn how mobile authentication keeps customers safe at home and on the go and how you can implement it the right way.

The History of Authentication

Before the age of mobile devices, authentication required users to present a card, key, USB device, or other token. The user had to carry it with them whenever they wanted to access their account. Not only was this cumbersome, it was highly impractical. Losing, or simply leaving the token at home meant the user couldn't access their account. They could not request a code be sent to their verified email address, answer a security question, nor reset their password to regain access. And if they needed to replace their token, they had to bear a hefty cost and a long wait. Not to mention that thieves could simply snatch the token and access the user's information.

What Is Mobile Authentication?

Mobile two-factor authentication was designed to overcome all the drawbacks of traditional authentication. The mobile phone replaced the plastic token, giving users one less thing to carry. To access your account, you simply enter your personal ID and password, which prompts the system to send a passcode to your phone via a dedicated app or SMS. Since mobile phones are a staple in most customers' lives, they tend to always have them on hand, meaning they can always authenticate themselves on the go. Savvy companies also set time limits on the passcodes and phase out expired codes to ensure no valid codes are left on your device. If incorrect passcodes are repeatedly entered, the system can also lock the account.

Continuous Improvement

Technology is always improving, and financial institutions must constantly review their online security measures. Even organizations outside of financial industry can benefit from implementing these preventative measures:

• Review and identify security risks regularly.
  
  
• Use multiple layers of security to detect and prevent fraud.
  
  
• Raise fraud awareness through email, marketing campaigns, social media, etc.
  
  

Device Identification

Some mobile authentication systems are device-specific, meaning you must enter your ID and passcode from a registered and identifiable device. Modern authentication programs analyze device history, location, activity, and other information to create a detailed device profile. This profile helps prevent hackers from accessing an account through a different device, even if they somehow obtain the correct ID and passcode.

The Role of SMS

Banks often use SMS, or short message service, in conjunction with two-factor mobile authentication to raise the bar on account security. Whenever a user (or hacker) tries to change account settings or make a large purchase or payment, they must receive and enter a one-time-use security code in addition to their ID and password.

Malware Protection

Since mobile authentication is device-specific, hackers may turn to malware to access and manipulate a user's phone remotely. Advanced authentication systems can detect malware activity and lock a user's account in response to an attempted hijack. This type of two-factor authentication is called out-of-band (OOB) authentication and uses a secondary network in addition to the ID and password.

The Many Types of Authentication

With the seemingly boundless possibilities of the mobile landscape, companies have created a multitude of authentication systems. Some stick to the traditional ID and passcode method, while others make use of the phone's camera, touch screen, and microphone to verify with complete certainty that the user is who they claim to be. Banks are also looking into biometric authentication using touch screen fingerprint analysis to further reduce the risk of fraud and improve the user experience. Other types of biometric authentication in development include retinal scans and voice recognition. However, vast improvements must be made to existing mobile technology before these systems will be viable.

Is There Such Thing As Too Much Security?

No mobile authentication system is completely foolproof. However, this doesn't mean that a company should stack layer upon layer of security measures. Despite reducing the risk of fraud, an overly complex or lengthy security process can drive away customers. Examples of an overly arduous process include multiple security questions, multiple pin numbers or passwords, and unreasonably difficult-to-decipher captchas. Remember that the huge advantage of mobile devices lies in simplicity and ease of access. It's up to you to balance security with user-friendliness.

Trumpia provides tailored mobile marketing solutions using full-featured SMS software. Connect with your customers, and provide comprehensive account protection without compromising the user experience. For more information, contact Trumpia today.

Free Mobile Marketing Success Kit

Get Your Copy Today