Just days after the Equifax breach exposed the personal information of over half of the U.S. population, cybersecurity was top-of-mind at the FinovateFall 2017 conference. For a major consumer credit reporting agency like Equifax to experience a security failure can increase the fear of hacks against any financial services firm. Fintech firms from around the world arrived at the demo day to showcase their newest technology, much of which focused in security measures. Four demos stood out for their innovation and presentations.
A cybersecurity company showcasing its REL-ID software, Uniken began by mentioning the breach, noting that call centers can no longer identify customers through personally identifiable information, such as Social Security number, due to the nature of the information released. As a solution, the organization uses its verification platform to allow customer service representatives to send a request to a client’s trusted mobile device. If the client receives a notification but has not attempted to contact the call center, they can deny it through the click of a button. While authentication platforms such as this are not new, the company aims to sell this software directly to institutions, so that their clients will not need third-party applications such as Google Authenticator.
With 1.2 million attacks globally, 2016 proved to be the worst year in history for email phishing. To combat this, GreatHorn attempted a solution for companies using cloud communications infrastructure. The GreatHorn software minimizes the attacks reaching customers and employees alike, by detecting malicious email and automatically removing it. A real-time dashboard allows the company to view the detection and removal. The software determines malicious senders by investigating the relationship and history that it shares with the receiver. Because phishing tends to use false emails with links to capture sensitive information, this prevents any malware from gathering client credentials or breaching data through email.
In one of the most innovative technologies of the day, fiserv uses proximity-based authentication, meaning a client can verify their identity by simply having a verified device near a secure browser. The multi-channel technology can be used with virtual assistants and in-branch platforms as well. For clients to access their financial platform via Amazon’s Alexa assistant or a Google Home software, they ask to perform their desired task and receive a text code to read aloud as confirmation. As for in-branch application, the presenters used the example of walking into a bank, where the client will need their phone to be near a teller for the teller to view their information and, if determined beforehand, the reason for their visit. As the client walks away, their information disappears from the screen. However, this technology raises a few questions: what happens if the verified device is stolen and if the program becomes widespread, could too many phones cause confusion in a bank or near secure browsers?
Keeping with the trend of using smartphones as authentication devices, averon uses carrier data to verify the client’s identity. This technology comes as SMS code and authentication apps continue a decline in reliability. The firm uses the same technology that carriers use to bill customers, ensuring that the number associated with an account is the same number associated with the phone attempting to log in. To demonstrate, the presenters told the crowd their login credentials and allowed anyone access to their account. Turning on the averon software, no one except for the presenter could successfully log in. The presenters made no mention of authentication through devices not connected to cell phone carriers, and while mobile logins grow each year, clients value the freedom to log in securely through multiple means.
Login Attempts with and without averon Technology
Finovate Fall 2017 allowed a glimpse into the future of cybersecurity software, in a time where half of the population experienced a compromise of their personal information through a supposedly secure site. Corporate Insight will continue to keep a close eye on how financial institutions leverage these types of technology.