Complex Made Simple

Court of Authentication: Securing the customer’s authentication journey

Areas such as identification, fraud prevention, data protection, and authentication have become key areas of focus for organizations that want to maintain consumer confidence and deliver business growth

Authentication factors prove that the user is who they say they are to gain access to a product or service Machine learning advises the orchestration layer in the IDA platform how to interpret evidence It is important to avoid false conviction and cause unnecessary friction for the user

By Rob Campbell, Head of Product and Industry Marketing at Callsign

The global pandemic has accelerated digitization in almost every aspect of life. From events and operations to transactions and payments, everything has moved online. Although many of us appreciate the newfound convenience of this new normal, the question of our online security and identity has become more important than ever. Areas such as identification, fraud prevention, data protection, and authentication have become key areas of focus for organizations that want to maintain consumer confidence and deliver business growth. 

According to a recent research survey by PwC, customer fraud in the Middle East increased to 47% in 2020, up from 32% in 2018. Businesses, Governments, and regulators will need to work together to ensure secure access to digital services is robust, because genuine users aren’t the only people to move online, bad actors also have.

To survive and thrive in the post-COVID-19 era, organizations need to audit just how robust and accurate their identification and authentication technologies are. Bad actors are smart, the good guys need to be one step ahead. Businesses need to obtain a complete and accurate digital identity of genuine users to allow them to get on and use online services.

This is where businesses can benefit from machine learning (ML) technologies which can take large amounts of data and generate a more complete picture of each authentication request giving unprecedented levels of security.

Businesses can use Intelligence Driven Authentication (IDA) solutions to deliver seamless and secure customer journeys.

To understand how the IDA platform and machine learning can enhance the authentication process, it helps to draw parallels between authentication requests and a criminal trial where evidence that the users are who they say they are, is gathered and presented to an impartial judge.

Step 1: Examining the Evidence

In a criminal trial, the first step is to gather all the evidence. Law enforcement authorities are involved in examining crime scenes and checking records to understand all the relevant information. Similarly, to authenticate users correctly, the IDA platform gathers evidence from a huge variety of authentication factors. 

Authentication factors are user characteristics that prove that the user is who they say are to gain access to a product or service. The most common examples of such factors are usernames and passwords. Other examples include but are not limited to pins, official identity cards, biometric modalities such as fingerprints, facial, and voice recognition, as well as swiping, typing, or mouse movement. 

The IDA platform also uses contextual insights such as geographic and virtual location, device interaction data, device and browser identity, and telco data, which are then analyzed by machine learning models. These models “learn” the customary behavior of a user and can recognize if an authentication attempt is legitimate, if not, then the attempt is identified as high-risk and treated accordingly.

Step 2: Expert Advice

In a criminal trial, the expert witnesses are called upon to elaborate on the evidence and aid the judge’s decision. For example, DNA experts use their specialized knowledge to advise the judge with accurate results.

In the same way, in the authentication process, machine learning models advise the orchestration layer in the IDA platform how to interpret the gathered evidence, by assigning risk scores to each modality and asking: Based on what we have observed about this individual’s data, what is the probability that this new authentication attempt is genuine?

Machine learning models may vary across different modalities, as each authentication factor or modality has properties that make it unique and have different accuracies across individual users and across populations. For example, a fingerprint biometric may have high accuracy across larger populations, however, low-quality devices may reduce this accuracy and not all devices may record this data. 

Overall, however, machine learning models can combine modalities, and this may become more a more effective mode of authentication. Thus, the machine learning models serve as an expert advisor and feed information to the module about the validity of the attempt.

Step 3: The Judgement 

In our court analogy, after examining the evidence and evaluating the expert advice, the judge weighs up the arguments and arrives at a decision.

Similarly, the IDA platform uses a process called machine learning fusion or ensembling, where it combines or “fuses” the probability scores provided by the machine learning models to come up with an overall score. For example, the IDA platform may detect that the username and password were entered correctly, however, the location of the device and typing patterns of the user do not match the actual user’s characteristics. Consequently, the IDA will notice these discrepancies and flag this attempt as potentially malicious, and re-direct it to an additional stage of authentication.

However, just as with a criminal trial, it is important to avoid false conviction and cause unnecessary friction for the user. To ensure that “justice is served”, the IDA Platform considers error rates across different modalities and accounts for noise or inconsistencies in user data. The IDA platform is also customizable and adapts to the user’s tendencies, giving the user the benefit of the doubt and optimizing the user’s journey so that it is frictionless.

By assessing the evidence, which has been critically evaluated by experts, and fusing the outputs of the expert’s advice, the IDA platform is able to make an appropriate decision. Authentication is logical, and robust, minimizing risk without damaging user experience.