Adaptive Multi-factor Authentication (MFA) in BFSI

Date:

Trending

A few months back (just after the Covid pandemic had started) an important change was implemented by a popular retail US Bank, Bank of America.  This was regarding how their retail net-banking customers would be logging into their banking account.  

- Advertisement -

All users of this bank can now set up an additional security measure during login in the form of a one-time authorization code, that would be sent to their registered mobile.  This will be in addition to their user id and password.  In the case of some users who are deemed to have a security risk during login (due to their high-risk score presumably arrived due to their inconsistent login patterns), this process has been made mandatory.  

Since the bank had suspected that post-covid the number of internet logins and transactions is going to be high, they probably implemented these changes to protect attempts to hijack genuine customer accounts by fraudulent means by hackers.

- Advertisement -

This shows that the era of Multi-Factor Authentication (MFA) has truly arrived and is here to stay.  Previously MFA was used only when bank transactions were performed by users, but now they are required even during the login process.  

The bank was using security questions as a second factor, but now probably had deemed that as risky, as typical user answers for popular security questions of theirs, can be lifted from their social media accounts by hackers.  

So where does this lead to?  Probably, to the next stage of MFA, which is Adaptive MFA in BFSI.  

What is Adaptive MFA? 

When a user login into a bank, several patterns about the login can be measured by the bank.  They can use this data to protect the customer from phishing and other hacker attacks. Like the typical time of the day the user logs in, the network & computer the login happens from, the Geolocation (GPS location) the user logs in from, the time they typically spend during the login, the type of transactions they normally perform, etc.  

With this wealth of data in-store, the banks can now assign risk scores for each activity through AI (Artificial Intelligence) and ML (Machine Learning) methods. If during any login there is an abnormal risk score detected for the user, an adaptive MFA authentication can be triggered.  That is, the user during that login session would be made to go through additional factors of authentication as part of their MFA Auth, for example, an OTP coupled with a Push based authentication sent through to the user’s mobile app, plus a security question or even a phone call based verification.  This helps to control or even eliminate the fraudulent access by a hacker, as it begins to happen.

How this prevents fraud?

During adaptive authentication, the key element to note is most of the factors that are used for authentication are instantly generated, so the hacker would not be knowing all the details of the authentication sequence and credentials in advance, for them to execute a phishing attack on the authenticated session of the user.  Even the user would not know these in advance for the hackers to target gullible users to get credentials from them, before the login.

What are the other adaptive authentication factors that can come into play?

MFA is normally performed by:

•    factors that the users know (passwords, security questions, pre-stored user-approved picture patterns and code numbers),

•    factors the users have (like OTP, mobile push authentication, google authentication) and 

•    factors that define who the users are (biometric authentications like retina scan, fingerprints, facial recognition).  

Out of these the first set of factors “the one the users know” are under severe attack by the hackers.  Hence banks will resort slowly to the second and third categories of authentications mentioned above.  These two categories of factors will be hard to pry out or reproduce like the passwords or security questions, for the reasons mentioned above.

What are the challenges in implementing Adaptive MFA?

The primary challenge is how to protect the user experience.  Users normally do not like too many restrictions just to get to their bank account.  Also, not all users are computer or mobile-savvy.  For example, the bank in the question above has instructed the users who do not have a mobile phone or do not have a valid phone number in the file, to call the bank to get authenticated.   

While this may work temporarily, this cannot be done by the user every time as the waiting times for such calls are high.  So, the banks have to arrive at the right mix of technology and user convenience to implement secure MFA login at the right cost to the user.

THE SNAPSHOTS

Sign up to get quick snaps of everyday happening, directly in your inbox.

We don’t spam! Read our privacy policy for more info.

- Advertisement -

Support our independent journalism PayPal (Outside India) For PayU (For Indian Readers).

Raj Srinivas
Raj Srinivas
Primarily from a strong security and product engineering background, he has been the principal architect of MISP (Multi-Domain Identity Services Platform) & CIE (Cloud ID Exchange) – in-house IAM & Security products at 8K Miles.

More Latest Stories

More Articles

Onlygood AI CEO Rajeev Sinha on Future of AI-Driven ESG Data and Supply Chain Transparency

Speaking to TechGraph, Rajeev Sinha, CEO & Co-founder of Onlygood.ai, shares insights on how his company is helping smaller businesses leverage AI and IoT...

Vishal Puri On Spalba’s Tech-Driven Approach To Venue Booking & Planning

Speaking to TechGraph, Vishal Puri, Co-Founder of Spalba, explains how its platform uses technologies like Digital Twins and real-time analytics to provide event planners with interactive previews while giving venue owners deep data to optimize sales and marketing strategies and help event planners make...

INTERVIEW: ADDA’s Krishanu Mukherjee on Transforming Gated Communities

In an interview with TechGraph, Krishanu Mukherjee, AVP of Growth at ADDA.io, explained how...

Choosing the Right Tax Consultant: A Guide for Businesses and Individuals

For both individuals and businesses, tax planning and compliance are crucial aspects of financial...

Wired vs. Wireless Headsets: A Comparative Guide for Evolving Audio Needs

Across a wide range of demographics, including gamers, fitness enthusiasts, business executives, and remote...

The Rise of Conversational AI: What It Means for Tech and SaaS Businesses

Back in the time, when AI was not as prominent, businesses used to struggle...

Union Budget 2025-26 Reactions: EV Makers Welcome Tax Relief and Infrastructure Investments

India’s electric vehicle industry has welcomed the Union Budget 2025-26, citing exemptions on capital...

Healthcare Reactions to Budget 2025-26: Experts Back Investments in Cancer Care & AI but Call for Broader Mental Health Policies

The Union Budget 2025-26, presented by Finance Minister Nirmala Sitharaman, has drawn mixed reactions...

Life Insurance Death Benefit Payouts: What Your Family Needs to Know

It is important to know more about life insurance policies and their operational modalities. The most important factor is, of course, the pre-fixed insurer...

Preparing Your Staff To Host A Successful Business Event In Another City

A business event, a convention, and exhibition, a trade show - all of these...

TradeFT Review: Comprehensive Platform Overview 2025

The financial markets are abuzz with some pretty exciting developments as 2025 gets underway,...

Krikya Bangladesh Casino App Review

The Krikya app delivers a seamless and engaging mobile gambling experience for users of...

Union Budget 2025-26: MSME Leaders Back Investment Limit Hike, Call E-Shram Expansion Crucial

The MSME sector has responded positively to the Union Budget 2025-26, with experts highlighting...

From GCC & AI to DeepTech Investments: How Tech Experts React to the Union Budget 2025

Finance Minister Nirmala Sitharaman’s Union Budget 2025-26 has drawn mixed reactions from technology industry leaders, particularly on the government’s push for deep tech and...

Union Budget 2025-26 Reactions: Education Sector Applauds AI, Skilling Initiatives but Flags Funding Gaps

India’s education sector leaders have responded to the Union Budget 2025-26 with optimism and concern. While the budget introduces key measures such as 50,000 new Atal Tinkering Labs, AI-focused Centres of Excellence, and broadband expansion in government schools, some experts argue that the ₹1.28...

Union Budget 2025: India’s AI Budget Allocation Stirs Mixed Reactions

India’s Finance Minister Nirmala Sitharaman's announcement of a ₹500 crore fund for a Centre...

Union Budget 2025: Investors, Startups React to Govt’s Push for Fund of Funds, FSS Scheme and Deeptech

The Union Budget 2025, presented by Finance Minister Nirmala Sitharaman on Saturday, has drawn...

AI in Skill Development: What Budget 2025 Should Do to Close the Workforce Skills Gap

India, with its vast pool of young talent, faces a significant challenge: a widening...

Union Budget 2025 Expectations: Hospitality Sector Urges Budget Support for Tourism Growth and Workforce Development

With the Union Budget 2025 on the horizon, hospitality sector leaders are calling for...

Cash out Tether USDT to Renminbi in Guangzhou

If you need to quickly and safely Cash out Tether USDT to Renminbi in...

Union Budget 2025 Expectations: Insurance Sector Eyes Tax Incentives, Sops to Expand Health Insurance Reach

As Finance Minister Nirmala Sitharaman prepares to present the Union Budget 2025 on February...

Solar, Renewable Sector Expects Tax Breaks, Subsidies for BESS & Solar Financing Reform From Budget 2025

As Union Budget 2025 approaches, renewable energy leaders are urging Finance Minister Nirmala Sitharaman...

Gaming Industry Eyes Budget 2025 for Relief on GST and Boosted AVGC Support

With the Union Budget just days away, the gaming sector is growing hopeful that...

Adoption of Low Code Platforms by MSMEs for Operational Efficiency of Their Supply Chains

Micro, small, and medium enterprises are the backbone of the world and account for...

Krikya Bangladesh Casino App Review

The Krikya app delivers a seamless and engaging mobile gambling experience for users of...

Union Budget 2025: Medical Education Seats Increased by 130% in 10 Years; 10,000 More to Be Added

Education sector Budget LIVE: Presenting the Union Budget 2025-26, Finance Minister Nirmala Sitharaman announced...

Union Budget 2025: Kisan Credit Card Loan Limit Increased to ₹5 Lakh Under Modified Interest Subvention Scheme

Finance Minister Nirmala Sitharaman, in her Union Budget 2025-26 speech, announced an increase in...

Union Budget 2025 LIVE: FM Sitharaman Announces Reforms in Finance Sector; Increases FDI Limit to 100%

Finance Minister Nirmala Sitharaman, while presenting the Union Budget for 2025-26 in Parliament today,...

Union Budget LIVE: Finance Minsiter Nirmala Sitharaman Tables India’s Budget for 2025-26

LIVE Union Budget Coverage: The Union Budget 2025, set to be presented by Finance...

Union Budget 2025-26: MSME Leaders Back Investment Limit Hike, Call E-Shram Expansion Crucial

The MSME sector has responded positively to the Union Budget 2025-26, with experts highlighting...

Gaming Industry Eyes Budget 2025 for Relief on GST and Boosted AVGC Support

With the Union Budget just days away, the gaming sector is growing hopeful that...

Budget 2025: Tax Reforms, Infrastructure Financing, and NBFC Support Top Budget Wishlist

As Budget 2025 approaches, experts from the NBFC, finance, and business sectors are voicing...

Adoption of Low Code Platforms by MSMEs for Operational Efficiency of Their Supply Chains

Micro, small, and medium enterprises are the backbone of the world and account for...