Adaptive Multi-factor Authentication (MFA) in BFSI

Date:

Before Article Content · 728×90
Advertise Here

Trending

- Advertisement -

A few months back (just after the Covid pandemic had started) an important change was implemented by a popular retail US Bank, Bank of America.  This was regarding how their retail net-banking customers would be logging into their banking account.  

All users of this bank can now set up an additional security measure during login in the form of a one-time authorization code, that would be sent to their registered mobile.  This will be in addition to their user id and password.  In the case of some users who are deemed to have a security risk during login (due to their high-risk score presumably arrived due to their inconsistent login patterns), this process has been made mandatory.  

Since the bank had suspected that post-covid the number of internet logins and transactions is going to be high, they probably implemented these changes to protect attempts to hijack genuine customer accounts by fraudulent means by hackers.

This shows that the era of Multi-Factor Authentication (MFA) has truly arrived and is here to stay.  Previously MFA was used only when bank transactions were performed by users, but now they are required even during the login process.  

The bank was using security questions as a second factor, but now probably had deemed that as risky, as typical user answers for popular security questions of theirs, can be lifted from their social media accounts by hackers.  

- Advertisement -

So where does this lead to?  Probably, to the next stage of MFA, which is Adaptive MFA in BFSI.  

What is Adaptive MFA? 

When a user login into a bank, several patterns about the login can be measured by the bank.  They can use this data to protect the customer from phishing and other hacker attacks. Like the typical time of the day the user logs in, the network & computer the login happens from, the Geolocation (GPS location) the user logs in from, the time they typically spend during the login, the type of transactions they normally perform, etc.  

With this wealth of data in-store, the banks can now assign risk scores for each activity through AI (Artificial Intelligence) and ML (Machine Learning) methods. If during any login there is an abnormal risk score detected for the user, an adaptive MFA authentication can be triggered.  That is, the user during that login session would be made to go through additional factors of authentication as part of their MFA Auth, for example, an OTP coupled with a Push based authentication sent through to the user’s mobile app, plus a security question or even a phone call based verification.  This helps to control or even eliminate the fraudulent access by a hacker, as it begins to happen.

- Advertisement -

How this prevents fraud?

During adaptive authentication, the key element to note is most of the factors that are used for authentication are instantly generated, so the hacker would not be knowing all the details of the authentication sequence and credentials in advance, for them to execute a phishing attack on the authenticated session of the user.  Even the user would not know these in advance for the hackers to target gullible users to get credentials from them, before the login.

What are the other adaptive authentication factors that can come into play?

MFA is normally performed by:

•    factors that the users know (passwords, security questions, pre-stored user-approved picture patterns and code numbers),

•    factors the users have (like OTP, mobile push authentication, google authentication) and 

•    factors that define who the users are (biometric authentications like retina scan, fingerprints, facial recognition).  

Out of these the first set of factors “the one the users know” are under severe attack by the hackers.  Hence banks will resort slowly to the second and third categories of authentications mentioned above.  These two categories of factors will be hard to pry out or reproduce like the passwords or security questions, for the reasons mentioned above.

What are the challenges in implementing Adaptive MFA?

The primary challenge is how to protect the user experience.  Users normally do not like too many restrictions just to get to their bank account.  Also, not all users are computer or mobile-savvy.  For example, the bank in the question above has instructed the users who do not have a mobile phone or do not have a valid phone number in the file, to call the bank to get authenticated.   

While this may work temporarily, this cannot be done by the user every time as the waiting times for such calls are high.  So, the banks have to arrive at the right mix of technology and user convenience to implement secure MFA login at the right cost to the user.

Stay ahead of the curve, every day.

A daily briefing covering news, interviews, and the trends driving the world forward. Curated for readers who want news, not noise.

We don’t spam! Read our privacy policy for more info.

- Advertisement -
Raj Srinivas
Raj Srinivas
Primarily from a strong security and product engineering background, he has been the principal architect of MISP (Multi-Domain Identity Services Platform) & CIE (Cloud ID Exchange) – in-house IAM & Security products at 8K Miles.

More Latest Stories

More Articles

StationPC PA100 Pro: The Next-Gen Portable NAS Storage Solution for On-the-Go Professionals

The next-generation PocketCloud (model: PA100 Pro) portable NAS from StationPC has officially been unveiled, following its launch on June 30, 2026. Positioned as a...

The Borderless Startup: FinStackk CGO Nithin Reddy on Simplifying Financial Operations for Global Founders

Speaking with TechGraph, Nithin Reddy, Co-founder & Chief Growth Officer at FinStackk, discussed how incorporating a business in the US has become increasingly accessible for global startups, while managing financial operations and regulatory compliance across fragmented systems continues to create operational complexity, and how...

The New Collateral in Lending Isn’t an Asset; It’s a Citizen’s Consent

Old habits die hard, and few habits in Indian finance have died harder than...

Why Do Most Enterprise AI Projects Never Make It Past the Pilot Stage?

Conceiving, developing, and implementing AI projects an optimum mix of creativity, dedication, and perseverance.

The Responsiveness Economy: DashLoc’s Sumit Singh on Redefining Customer Conversations with AI

Speaking with TechGraph, Sumit Singh, Co-Founder & CEO of DashLoc, discussed how businesses are...

How Generative AI Could Reshape Airline Distribution and Travel Retailing

Airline distribution is entering a new phase. For decades, the industry has relied on...

AI That Serves: Impact AI Foundry’s Arjun Balaji on Making Artificial Intelligence Accessible for Nonprofits

Speaking with TechGraph, Arjun Balaji, Co-Founder and Programme Director of Impact AI Foundry, discussed...

How AI Is Building India’s Next-Generation Emergency Mobility Infrastructure

Imagine this. A customer is stranded on the roadside due to a vehicle breakdown...

How Mixed-Use Ecosystems Will Shape the Next Decade of Urban India

India's urban growth story is entering a decisive phase. By 2036, nearly 600 million Indians are expected to live in urban centres, which are...

Human-in-the-Loop: Why AI in Education Still Needs the Professor

Generative AI is rapidly entering classrooms, boardrooms, and training programs. Yet a critical question...

Why Indian Men Are Quietly Moving Away From Fast Fashion

When a man opens his wardrobe, stares at a rail of clothes, and realises...

Simple Habits That Keep Your Car Running Longer

Keeping your car running longer doesn’t require expert-level knowledge—it comes down to building smart...

Why Indian Business Still Runs on Spreadsheets and WhatsApp for Treasury

India is home to one of the world's fastest-growing fintech ecosystems, projected to reach...

The New Age of Digital Assets: How Blockchain Is Redefining Financial Inclusion

Innovation is changing the nature of economic participation and making it more inclusive, especially with the development of blockchain technology. Blockchain technology introduces a...

The Efficiency Gap That Will Reshape Finance by 2030

Here is the number that should be keeping every CFO awake right now: 97% of finance teams have adopted AI. Yet 45% of financial leaders are still spending more than 60% of their time on manual tasks. That is not a technology problem. That...

The rise of tier-2 GCCs: How digital infrastructure is redefining India’s technology talent map

For the better part of two decades, India's Global Capability Centre (GCC) story was...

Nexchain AI Maps Its Final Path to Launch as $0.06 Token Presale Window Nears Its Close

Like a building project that moves from design to final inspections, the Nexchain AI...

Nexchain Rebuild Story Puts AI Layer 1 Development Back on the Crypto Presale Radar

Nexchain AI has brought its rebuild story back into focus as its AI Layer...

From IP to Global Leadership: Aum Ventures’ Chetan Mehta on India’s Next Deeptech Breakout Companies

Speaking with TechGraph, Chetan Mehta, Founding Partner at Aum Ventures, outlined why deeptech remains...

How Machine Learning Is Redefining Short-Term Borrowing for Tech-Savvy Consumers

Short-term lending has long relied on limited snapshots of a borrower’s history. That approach...

Why Players Buy LoL Boost and How the Process Works

If you’re researching why players buy lol boost, you’re usually trying to understand two...

India’s Air Crisis Needs a Deeptech Answer, Not a Consumer Gadget

Twenty years ago, an air conditioner in an Indian home was a luxury. Today...

India’s Cloud Cost Crisis: Why Startups Are Rethinking Their Tech Stack

Over the last ten years, startups in India have experienced an incredible boom driven...

Redrob AI Launches Professional AI Platform for India’s Workforce

In a bid to help students and professionals navigate an increasingly fragmented digital work...

Simple Habits That Keep Your Car Running Longer

Keeping your car running longer doesn’t require expert-level knowledge—it comes down to building smart...

“Budget should focus on reducing taxes on capital gains,” Says Abhishek Gupta of Hex N Bit

Speaking in the upcoming Union Budget 2021, Abhishek Gupta, Founder, and CEO, Hex N...

“China is a Global thief” Rep. Tom Rice on Uyghur Forced Labor Prevention Act

Speaking at the House on Uyghur Forced Labor Prevention Act, Rep. Tom Rice (R-SC)...

Nexchain Publishes New Roadmap as $0.06 Token Stage Continues

Nexchain has unveiled its updated development roadmap, providing the community with a clearer view...

Why Startups Are Turning to Virtual CFOs for Smarter Growth

​For a long time, finance leadership in startups followed a predictable path. Founders managed...

Why Indian Business Still Runs on Spreadsheets and WhatsApp for Treasury

India is home to one of the world's fastest-growing fintech ecosystems, projected to reach...

Key differences between a burner phone & prepaid phone

You may have heard both terms mentioned when it comes to protecting your identity....

Alphabet Discloses $2.14 Billion in Public Equity Holdings as of June 30

Alphabet Inc. disclosed $2.14 billion in equity securities held across 39 positions as of...

India to generate $100 bn from telephonic investments

India expects to attract $100 billion in investments in the telecom sector, a union...