Adaptive Multi-factor Authentication (MFA) in BFSI

A few months back (just after the Covid pandemic had started), a popular US retail bank, Bank of America, implemented an important change to how its retail net-banking customers log into their banking accounts.

All users of this bank can now set up an additional security measure during login in the form of a one-time authorization code sent to their registered mobile, in addition to their user ID and password. For users who are deemed a security risk during login (presumably because inconsistent login patterns have given them a high risk score), this process has been made mandatory.

Since the bank suspected that the number of internet logins and transactions would be high post-Covid, it probably implemented these changes to protect against attempts by hackers to hijack genuine customer accounts by fraudulent means.

This shows that the era of Multi-Factor Authentication (MFA) has truly arrived and is here to stay. Previously MFA was used only when users performed bank transactions, but now it is required even during the login process.

The bank had been using security questions as a second factor, but has probably now deemed them risky, as hackers can lift typical answers to popular security questions from users' social media accounts.

So where does this lead to?  Probably, to the next stage of MFA, which is Adaptive MFA in BFSI.  

What is Adaptive MFA? 

When a user logs into a bank, the bank can measure several patterns about the login: the typical time of day the user logs in, the network and computer the login comes from, the geolocation (GPS location) the user logs in from, the time they typically spend during the login, the type of transactions they normally perform, etc. The bank can use this data to protect the customer from phishing and other hacker attacks.

With this wealth of data in store, banks can assign risk scores to each activity through AI (Artificial Intelligence) and ML (Machine Learning) methods. If an abnormal risk score is detected for the user during any login, adaptive MFA can be triggered. That is, during that login session the user is made to go through additional factors of authentication, for example an OTP coupled with a push-based authentication sent to the user’s mobile app, plus a security question or even a phone-call-based verification. This helps to control or even eliminate fraudulent access by a hacker as it begins to happen.
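The scoring-and-step-up flow described above, as an added example that is not taken from any bank's implementation. The fixed weights and thresholds stand in for the AI/ML model and are assumptions, as are all names and the sample data.

```python
import math
from dataclasses import dataclass

@dataclass
class Baseline:                 # what the bank has learned about one user
    usual_hours: tuple          # (first, last) usual local login hour
    devices: set
    networks: set
    home: tuple                 # (lat, lon) of the usual login location

@dataclass
class Login:
    hour: int
    device: str
    network: str
    location: tuple

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def risk_score(base, login):
    """Sum an assumed weight for each signal that deviates from the baseline."""
    first, last = base.usual_hours
    score = 0 if first <= login.hour <= last else 15
    score += 0 if login.device in base.devices else 30
    score += 0 if login.network in base.networks else 15
    distance = km_between(base.home, login.location)
    score += 40 if distance > 500 else 15 if distance > 50 else 0
    return score

def required_factors(score):
    """Map the score to the factors this login session must complete."""
    if score < 30:
        return ["password"]
    if score < 60:
        return ["password", "otp"]
    return ["password", "otp", "push", "phone_call"]

# Constructed sample data: one user's baseline and three login attempts.
USER = Baseline((7, 22), {"laptop-1"}, {"home-isp"}, (40.71, -74.01))
USUAL = Login(9, "laptop-1", "home-isp", (40.71, -74.01))
TRAVEL = Login(9, "laptop-1", "hotel-wifi", (39.95, -75.17))
ODD = Login(3, "unknown-pc", "vpn-exit", (51.51, -0.13))
```

The usual login needs only the password, the known laptop on an unfamiliar network about 130 km away is stepped up to an OTP, and the 3 a.m. login from an unknown device on another continent must pass every additional factor.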

How does this prevent fraud?

The key element of adaptive authentication is that most of the factors used are generated instantly, so a hacker cannot know all the details of the authentication sequence and credentials in advance in order to execute a phishing attack on the user's authenticated session. Even the user does not know them in advance, so hackers cannot target gullible users to obtain the credentials before the login.
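A server-side sketch of an "instantly generated" factor, added here as an example and not taken from any bank's system: the code does not exist until the login session asks for it, expires quickly, works once, and is bound to that session. The function names, the in-memory store and the limits are assumptions.

```python
import hmac
import secrets
import time

OTP_TTL = 300      # seconds a code stays valid (assumed value)
MAX_TRIES = 3      # wrong guesses allowed per code (assumed value)
_pending = {}      # session_id -> [code, expires_at, tries_left]; in-memory for illustration

def issue_otp(session_id, now=None):
    """Create a fresh 6-digit code for this login session only."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"       # CSPRNG, not random.random()
    _pending[session_id] = [code, now + OTP_TTL, MAX_TRIES]
    return code    # delivered out of band to the registered mobile

def verify_otp(session_id, code, now=None):
    """Accept the code at most once, before expiry, within the guess limit."""
    now = time.time() if now is None else now
    entry = _pending.get(session_id)
    if entry is None:
        return False                               # nothing issued for this session
    expected, expires_at, tries_left = entry
    if now > expires_at or tries_left <= 0:
        del _pending[session_id]                   # expired or locked out
        return False
    if hmac.compare_digest(expected, code):        # constant-time comparison
        del _pending[session_id]                   # single use
        return True
    entry[2] -= 1                                  # count the wrong guess
    return False
```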

What are the other adaptive authentication factors that can come into play?

MFA is normally performed by:

•    factors that the users know (passwords, security questions, pre-stored user-approved picture patterns and code numbers),

•    factors the users have (like OTP, mobile push authentication, Google authentication) and

•    factors that define who the users are (biometric authentications like retina scan, fingerprints, facial recognition).  

Of these, the first set of factors, “the ones the users know”, is under severe attack by hackers. Hence banks will slowly move to the second and third categories of authentication mentioned above. Unlike passwords or security questions, these two categories of factors are hard to pry out or reproduce, for the reasons mentioned above.

What are the challenges in implementing Adaptive MFA?

The primary challenge is protecting the user experience. Users normally do not like too many restrictions just to get to their bank account. Also, not all users are computer- or mobile-savvy. For example, the bank mentioned above has instructed users who do not have a mobile phone, or do not have a valid phone number on file, to call the bank to get authenticated.

While this may work temporarily, this cannot be done by the user every time as the waiting times for such calls are high.  So, the banks have to arrive at the right mix of technology and user convenience to implement secure MFA login at the right cost to the user.

Raj Srinivas
Primarily from a strong security and product engineering background, he has been the principal architect of MISP (Multi-Domain Identity Services Platform) & CIE (Cloud ID Exchange) – in-house IAM & Security products at 8K Miles.
