security, compliance and customer experience a balancing act · 2015-03-11 · customer experience...

Security, Compliance and

Customer Experience – A

Balancing Act

Anne Myers

Member Advisory Board

TokenOne

Security, Compliance and Customer

Experience

A Balancing Act

Anne Myers Member Advisory Board, TokenOne

The Banker’s Dilemma

Compliance

Cost Customer

Experience

IT Security in Banking

Cost Compliance

Customer Experience

An example: Multi-Factor Authentication

Proving User Presence

• What you know

• What you have

• What you are

What do customers want?

• My funds are safe and secure

• The service is easy to use

• The service is reliable

• Protect my identity

A critique of commonly used methods

• Customer

• multiple and complex passwords

• SMS issues

• device issues

• Cost

• infrastructure

• SMS

• password management

• Compliance

• proving user presence

• password management processes

• vendor hacking risk

Are biometrics the solution?

• Customer

• reliability

• non-revocable

• personal data concerns

• Cost

• expensive

• capture

• Compliance

• biometrics are not a secret

• secure storage of templates

• technical or legal standards

The New Knowledge Factor

Something you know BUT it is

• never entered

• never stored

• never revealed

It is a secret that is never shared - with anyone

The Nirvana for Multi-Factor Authentication?

• Highly secure

and can be easily revoked

• Easy to use

I don’t have to remember a range of complex passwords

• Reliable

even when there is no connectivity

• Enables me to keep my secrets secret

- from everyone

Nirvana?

Factor Method

What you know

Confirmation of a PIN without ever entering the actual PIN using a One time password

What you have

Proof of control of the users smartphone via a tokenised solution

What you are

Backed up by use of TouchID or other biometric

What do customers want?

• My funds are safe and secure

• The service is easy to use

• The service is reliable

• Protect my identity

…all of which reduce your fraud

costs and improve your compliance

To find out how TokenOne will redefine your

Identity Assurance expectations contact us at:

info@tokenone.com