Adaptive Multi-factor Authentication (MFA) in BFSI


A few months back (just after the Covid pandemic had started), a popular US retail bank, Bank of America, implemented an important change to how its retail net-banking customers log into their accounts.


All users of this bank can now set up an additional security measure during login in the form of a one-time authorization code sent to their registered mobile. This is in addition to their user ID and password. For some users who are deemed a security risk during login (presumably because of a high risk score arising from inconsistent login patterns), this process has been made mandatory.

Since the bank suspected that the number of internet logins and transactions would be high post-Covid, it probably implemented these changes to protect against attempts by hackers to hijack genuine customer accounts by fraudulent means.


This shows that the era of Multi-Factor Authentication (MFA) has truly arrived and is here to stay. Previously, MFA was used only when users performed bank transactions, but now it is required even during the login process.

The bank was using security questions as a second factor, but has now probably deemed that risky, as typical user answers to its popular security questions can be lifted from users' social media accounts by hackers.

So where does this lead? Probably to the next stage of MFA, which is Adaptive MFA in BFSI.

What is Adaptive MFA? 

When a user logs into a bank, the bank can measure several patterns about the login, such as the typical time of day the user logs in, the network and computer the login happens from, the geolocation (GPS location) the user logs in from, the time they typically spend during the login, the type of transactions they normally perform, etc. The bank can use this data to protect the customer from phishing and other hacker attacks.

With this wealth of data in store, banks can now assign risk scores to each activity through AI (Artificial Intelligence) and ML (Machine Learning) methods. If an abnormal risk score is detected for the user during any login, adaptive MFA can be triggered. That is, during that login session the user is made to go through additional factors of authentication as part of their MFA, for example an OTP coupled with a push-based authentication sent to the user’s mobile app, plus a security question or even a phone-call-based verification. This helps to control or even eliminate fraudulent access by a hacker as it begins to happen.
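The flow described above, sketched as an added example (not code from the bank or from the author): login signals are compared with a per-customer baseline, a risk score is computed, and the score decides which extra factors are demanded. The fixed weights, thresholds, class names and sample values are constructed assumptions standing in for the AI/ML scoring the article mentions.

```python
import math
from dataclasses import dataclass

@dataclass
class Baseline:              # hypothetical per-customer profile built from past logins
    usual_hours: range       # hours of day (0-23) the customer normally logs in
    devices: set             # device identifiers seen before
    networks: set            # network identifiers seen before
    home: tuple              # (lat, lon) of the usual login location

@dataclass
class Login:
    hour: int
    device: str
    network: str
    location: tuple

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

# Constructed weights and thresholds; a bank would derive these from its ML model.
WEIGHTS = {"odd_hour": 15, "new_device": 30, "new_network": 20, "far_away": 35}

def assess(base, login, max_km=500):
    """Return (score, triggered signals, factors to demand) for one login."""
    signals = []
    if login.hour not in base.usual_hours:
        signals.append("odd_hour")
    if login.device not in base.devices:
        signals.append("new_device")
    if login.network not in base.networks:
        signals.append("new_network")
    if km_between(base.home, login.location) > max_km:
        signals.append("far_away")
    score = sum(WEIGHTS[s] for s in signals)
    factors = ["password"]
    if score >= 30:
        factors.append("otp")                  # step-up: one-time code
    if score >= 60:
        factors += ["push", "phone_call"]      # abnormal: stack more factors
    return score, signals, factors

# Constructed sample data.
BASE = Baseline(range(7, 23), {"laptop-1"}, {"home-isp"}, (40.71, -74.01))
USUAL = Login(9, "laptop-1", "home-isp", (40.73, -73.99))
ODD = Login(3, "unknown-pc", "other-isp", (51.51, -0.13))
```

Returning the triggered signals alongside the score lets the decision be logged and reviewed when a customer disputes a step-up prompt.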

How does this prevent fraud?

During adaptive authentication, the key element to note is that most of the factors used for authentication are generated instantly, so the hacker would not know all the details of the authentication sequence and credentials in advance in order to execute a phishing attack on the user's authenticated session. Even the user would not know these in advance, so hackers cannot target gullible users to obtain credentials from them before the login.

What are the other adaptive authentication factors that can come into play?

MFA is normally performed by:

•    factors that the users know (passwords, security questions, pre-stored user-approved picture patterns and code numbers),

•    factors the users have (like OTP, mobile push authentication, Google authentication) and

•    factors that define who the users are (biometric authentications like retina scan, fingerprints, facial recognition).  

Of these, the first set of factors, “the ones the users know”, is under severe attack by hackers. Hence banks will slowly resort to the second and third categories of authentication mentioned above. These two categories of factors are hard to pry out or reproduce, unlike passwords or security questions, for the reasons mentioned above.

What are the challenges in implementing Adaptive MFA?

The primary challenge is how to protect the user experience. Users normally do not like too many restrictions just to get to their bank account. Also, not all users are computer- or mobile-savvy. For example, the bank in question above has instructed users who do not have a mobile phone, or do not have a valid phone number on file, to call the bank to get authenticated.

While this may work temporarily, the user cannot do this every time, as the waiting times for such calls are high. So banks have to arrive at the right mix of technology and user convenience to implement secure MFA login at the right cost to the user.


Raj Srinivas
Primarily from a strong security and product engineering background, he has been the principal architect of MISP (Multi-Domain Identity Services Platform) & CIE (Cloud ID Exchange) – in-house IAM & Security products at 8K Miles.
