Security and Authentication in a Digital World
For many years we’ve been reliant on usernames and passwords to secure digital accounts – but we know these aren’t adequate. Mass data breaches have made account information and passwords available to buy extremely cheaply on the dark web. They simply don’t do the job – so what happens next?
Any new authentication method must, as a minimum, offer a suitable level of security and be acceptable to those who use it.
To find out what people think about the security they use with their financial service providers and how they view the use of new digital security methods such as biometrics, FICO commissioned an independent survey of over 5,000 people across 10 countries.
Are passwords providing needed security?
People certainly aren’t wedded to the idea of using usernames and passwords for security; in fact, on average across the countries surveyed, only 41 percent say they are happy to do this. People’s practices for using passwords are inherently insecure. This becomes obvious when you consider how many are using five or fewer passwords across all their accounts and the number that don’t keep their passwords safe – for example, on average almost a quarter of people write their passwords down in a notebook.
Even though people use insecure methods to manage passwords such as limiting the number they use and writing them down, we found that they still struggle to use them. Forgotten passwords frequently prevent people from doing what they want or need to do. Significant numbers say they have abandoned an online purchase or been unable to open a new account with an existing provider because they can’t remember their passwords.
If passwords don’t work, what can we use?
Advancements in mobile phones have put a wealth of technology at the fingertips of most people. Cameras, sensors, accelerometers, geolocation, 24/7 internet access and more are all convenient, but people need to be prepared to use them to secure their accounts – are they?
In most countries surveyed, the most popular mobile phone-based technology for securing accounts is one-time passcodes (OTPs) sent by SMS text. On average, a little over half of people surveyed were prepared to use this method. OTPs by text are a well-established form of authentication and ubiquitous in payments and banking – it’s not surprising that this familiarity has made many people comfortable with them. However, while they are still a valuable form of authentication, they do have weaknesses, and criminals can intercept texts with SIM swap frauds. Financial organizations therefore need more than OTPs in their arsenal, particularly when it comes to high-risk transactions or activities where levels of suspicion require them to step up authentication.
Fortunately, our survey shows that acceptance of biometrics to secure accounts is now widespread and as people become familiar with different biometric techniques, they will accept them. People are particularly accepting of using biometrics for security when banking; in fact, far more are prepared to provide a biometric to their bank than to their government. On average, 71 percent of people are prepared to provide a biometric to their bank for security purposes, ranging from 64 percent in Canada up to 86 percent in Brazil.
Different biometric methods have different levels of acceptability – on the face of it, the more familiar people are with a method, the more likely they are to be prepared to use it.
Our survey shows that, from a consumer’s perspective, the continued use of passwords is neither adequate nor desired. In a competitive environment where more and more activities are carried out digitally, providing customers with an agreeable, efficient and safe experience when they use their accounts will be a competitive advantage.
Making the right decisions about which authentication methods to deliver to which customers in all circumstances isn’t easy. FICO solutions can help you to orchestrate and deliver a wide choice of biometrics, device recognition and communication services including multi-channel, one-time passcode delivery.
For more information and statistics, see the FICO Consumer Digital Banking Survey of 5,000 people across 10 countries including: