Posted By: Uniken | Posted On: October 21, 2019
Note: This is the first article in a two-part series that is based on an interview with Uniken CEO Bimal Gandhi at the Digital Money Forum at Living in Digital Times (CES 2019). Gandhi spoke with Streambed Media CEO Michael Casey, who also serves as Senior Advisor of the Digital Currency Initiative at the MIT Media Lab, about a core problem for many crypto and traditional banks: security and the role of customer identity / user identity in transaction security.
Passwords, in one form or another, have been used for hundreds if not a thousand years to help verify someone as being approved to access something. Starting out as a secret code, phrase, or torn halves of a written note, passwords as a method of identity verification have slowly transformed over the centuries into something more complex.
In recent years, single-factor passwords became a mainstay of security. However, the time when passwords and user credentials were considered strong security methods (or, at least, enough of a deterrent for hackers) has come to pass. Even a more complex security measure, such as two factor authentication (2FA) or multi factor authentication (MFA), can be overcome by hackers.
The latter, a security method used by many businesses and governments worldwide that requires a combination of two somethings – something you know (such as a password or phrase), something you have (such as a security token), or something you are (a biometric such as a fingerprint or facial scan) — is not enough for accurate identity verification. Nor can either user identity verification method hold back the tide of hackers who continuously seek new and innovative ways to gain access to accounts to commit crimes.
As such, when I speak with leaders at different companies, they often tell me that they are looking for new ways to verify user identity to increase transaction security for customers. However, I can say from personal experience that tokens are cumbersome and easy to lose. Furthermore, the common practice of using personally identifiable information (PII) to confirm a customer’s user identity is no longer a good option because it can potentially lead to more issues than it solves. These solutions just aren’t effective anymore.
The Trouble with User Identity in Security
Customer or user identity is the crux of transaction security for many businesses. In the past, identity was viewed as a risk factor that would leave companies asking: Do I want to do business with you? Do I want to extend credit? What’s the real level of risk? Today, your user identity is now commonly used for everything — it serves as the entry ticket to your digital wallet, bank account, and enables you to perform financial and business transactions. This overuse of what should be protected information leaves customers vulnerable at all levels.
One of the most significant concerns about using PII is the issue of credential compromise. The problem occurs when the credentials of customers — passwords, biometrics, or other identifying components — become compromised due to phishing scams or other targeted attacks and are used by malicious users to hack customers’ email accounts, commit fraud, access their banking accounts, and cause otherwise unspeakable damage.
Without the use of personally identifiable information, however, how can companies perform accurate ID verification of customers to ensure they are who they say they are?
The Future of Identity in Security
As security companies and financial institutions continue to seek ways to keep hackers out through the creation of complicated and convoluted security processes, they often neglect one vital consideration: user experience. Users don’t want to remember dozens of passwords and login credentials. As such, it is imperative for companies to implement a solution that keeps the needs of users top of mind — and that means adopting passwordless security.
The user experience is all about creating simple, intuitive ways to accomplish tasks and goals. Rather than miring the authentication process with hard-to-remember passwords, a litany of personal questions, or the use of easily-hacked SMS messages, companies should make the user identity verification process fast and easy. This means implementing a security solution that is designed with customer experience top of mind.
One perfect example of what I’m talking about is this: I’m thinking about calling my local florist and saying, “hey, I just want to send flowers to my wife. Can you send a dozen roses?” And they can say, “Bimal, no problem” and it’s done. I don’t exchange information; I don’t do anything. It just happens. That’s sort of the nirvana that I say that we all strive for. As the consumer, that’s the experience you want.
How REL-ID Works to Protect User Identity & Simplify ID Verification
Uniken’s relationship identity (REL-ID) platform is a safe, intuitive, and scalable security solution that tightly integrates your identity, authentication, and channel security in a single software development kit (SDK). Not only does this mitigate the issue of SDK bloat by enabling you to keep a lightweight app that requires minimal CPU use, but it also provides better security, quality, and performance for users.
Unlike conventional security measures, which require a user’s device to connect to a network by creating a secure channel before ever verifying their identity, our one-of-a-kind approach turns this process on its head. REL-ID, which can be integrated into your company’s existing mobile app or be used as a standalone app, verifies the user before ever allowing them to connect. It does this through the use of an invisible 1:1 key exchange that eliminates the need for insecure third-party certificates.
This means that I’m never opening the door a crack to users, saying, “Let me see who you are,” and then, if you’re the wrong person, I’ve got to shove you out. With REL-ID, we just never open the door in the first place.
Uniken is a company that has used unconventional security methods to process more than $4.1 trillion in transactions that resulted in zero dollars, data, or identities being stolen. To learn more about how to secure user identity while simplifying the verification process, request a demo today.
You can watch the full interview with Bimal Gandhi by clicking on the video below: