Page 11 - Implementation of Secure Authentication Technologies for Digital Financial Services
P. 11
4 INTRODUCTION
The Digital Financial Services (DFS) ecosystem Technologies and approaches that use continuous
requires standardized, interoperable, strong authen- and adaptive authentication to minimize the time
tication technologies as enablers to reduce risk and required to detect impostors are emerging. Technol-
protect assets. ogies that securely shift the storage location for per-
Regulators are increasing the requirement for sonal data out of centralized storage that might be
robust identification of clients to combat money limited by network infrastructure, to user-controlled
laundering and other misuses of financial systems. mobile devices are advancing. These new approach-
Along with the increase of mobile-only and es will become widely available within the next sev-
remote-only clients, financial institutions are fac- eral years, and will help to address new threats that
ing new kinds of fraud, impersonation and security emerge over time.
threats that older password-based authentication
systems were never designed to address. 4�1 Implementations examples section
The systems, technologies and approaches Section 8 of this report contains descriptions of
described in this report have been designed for implemented systems covering two DFS use cases:
use in mobile computing environments, blending Enrolment/Account Opening and Authentication for
well-established techniques such as public key cryp- accessing a DFS. Both use cases deal with identifi-
tography with new techniques such as generation cation of an individual: the former handles the situ-
and storage of cryptographic keys on-device instead ation where the DFS system sees the individual for
of centrally. The move towards mobile devices has the first time; the latter authenticates the individu-
made the already weak password-based security less al using previously-issued credentials. To effectively
usable while the increasing availability of widespread manage mis-identification risks, DFS providers must
fingerprint and other biometric sensors makes the ensure that both enrolment and credential authenti-
shift to password-less and multi-factor authentica- cation are robust and use standardized methods and
tion technologies feasible. technologies.
Implementation of Secure Authentication Technologies for Digital Financial Services 9