The U.S. Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA) recently released its updated multi-factor authentication (MFA) guide. In it, the CISA also flagged FIDO as the gold standard for MFA.

FIDO Alliance, an open industry association that aims to develop and promote authentication standards, welcomes this development. The update is aligned with FIDO’s mission of reducing the over-reliance of the world on passwords. With this and the new Federal Zero Trust Strategy, the U.S. government is seen to send a clear message that the use of FIDO standards is preferred.

Understanding MFA: What It Is

Authentication is one way of ensuring cybersecurity. It is the process of validating a person’s identity and credentials, ensuring that they are who they claim to be. To further strengthen security, multi-factor authentication was introduced. It is also known as two-factor authentication. 

As the name suggests, it includes a combination of authentication methods. For instance, a user wants to access their bank account online or through their bank’s mobile app. They will have to go through MFA, which uses knowledge, possession, or traits.

Having multiple steps makes it harder for hackers to crack, steal, or compromise accounts.

Enabling MFA

The CISA offers a detailed guide — from the planning to the execution phase. Organizations can use this to strengthen their authentication process. 

Its latest update on the MFA guidance, however, emphasized ways of enabling MFA. Among the different forms of authentication that the agency enumerated are text message (SMS), email, authenticator app, and push notification.

Additionally, the CISA mentioned the use of the FIDO key. 

Fast Identity Online (FIDO) refers to a set of standardized authentication protocols that can help ensure cybersecurity while reducing reliance on passwords. It is built into the major browsers and phones. Meanwhile, the FIDO key refers to a portable security key. It is a hardware device to be used as an additional authentication method as part of an MFA. You can think of it as an encrypted version of your house key. 

Using these security measures can help make it more difficult to access information. It is especially needed nowadays as passwords and usernames are often compromised by various attacks like phishing and more sophisticated password cracking techniques.

Furthermore, CISA recommended using multi-factor authentication on email accounts, financial services, social media accounts, online stores, and even on gaming and entertainment streaming services. The agency also encouraged consumers to request companies and organizations to enable MFA for better security. 

As technology advances, so does cyberattacks. Hackers find more sophisticated ways to overcome cybersecurity. To protect data and information systems, organizations use authentication.

What It Is

Generally, authentication refers to the process of recognizing user identity. It is often seen at the start of applications.

Different credentials may be involved. These can be categorized into three. 

The first one is knowledge. The application or system will ask for something the user knows. It can be a PIN or a password.

The second category is possession or something that the user has. It can be an authentication application or SMS-based one-time passcode (OTP).

The third type is traits. This one refers to something that verifies who the user is, such as a face scan or fingerprint. 

Different Authentication Methods

For cybersecurity, the best approach is to have multi-factor authentication or what some may know as two-factor authentication. However, only 2.3% of Twitter active users are using this method as reported in the social media company’s Account Security Report.

Among those who said they take advantage of two-factor authentication, 79.6% use SMS-based OTPs. The problem is that SMS is one of the least secure methods of authentication.

It is important to understand that not all multi-factor authentication systems are the same. Some utilize more secure methods than others. To better understand this, it is necessary to get to know some of the authentication methods often used in two-factor authentication.

• SMS-based OTPs: Having SMS-based authentication implements multi-factor authentication. However, it is seen as the least effective when it comes to preventing common cyberthreats and attacks, including SIM swap and phishing. It is also not the most convenient method.
• Authenticator Apps: The user installs an authenticator app, which continuously generates new codes to show proof that the user owns the device tied to their account. While it may be better than SMS, using authentication apps is still open to the risk of getting intercepted through phishing and advanced attacks. 
• Security Keys: These refer to physical authentication devices. The user will connect to their device through Bluetooth, NFC, or USB. The security key will serve as their proof of identity when trying to access an application or website. To ensure maximum protection, having security keys that are up to FIDO standards is the best option. 
• Biometrics: Biometrics refers to a trait unique to the authorized user. It can be a face scan or fingerprints. On-device biometrics that follows FIDO standards do not only offer convenience but also have phishing-resistant technology.

To further improve cybersecurity, organizations and service providers must offer simpler but better authentication options. Then, the next step is for them to convince their users and clients to enable two-factor authentication. 

The growth of cryptocurrency has continued despite the challenges the economy has been facing during the year. However, this welcome development in the industry has also opened the eyes of more cybercriminals.

Security Challenges and Problems

Research from Crypto.com showed global cryptocurrency adoption growing to 221 million by June 2021. That is almost double the number recorded in January 2021. 

This growth has also caught the eyes of cybercriminals. In 2020, there were 122 blockchain-related attacks recorded. These led to the theft of almost $3.78 billion.

These attacks show weaknesses when it comes to the security of cryptocurrency investment accounts. 

Generally, an interested individual sets up an account. They use passwords or another knowledge-based authentication (KBA). While these seem enough, that is far from the truth. Both authentication methods are unfit to protect high-value accounts.

Passwords can be compromised. One of the most common techniques cybercriminals use is phishing. It is when the account owner is tricked to provide personal information that the criminals can use to access the account. 

Other possible problems a user can encounter when using KBA include forgetting key information, availability of personal information on social media, and data leaks. Another way is for the criminals to buy credential pairs and personal data from the dark web.

Better Security with Multifactor Authentication

For better security, some use two-factor authentication. For example, you can have a one-time passcode sent to you through SMS. However, cybercriminals have also seen through this method. Some attackers use SIM swapping or SMS relay service to get access to the code being sent to the user.

So, instead of using KBA, it is better to have possession-based authentication. That is when login credentials are stored on the physical device the account owner uses to log in. A good example of this is a smartphone.

Many crypto exchanges are already using possession-based authentication. To ensure protection, they even adopted FIDO authentication standards.

That said, standardization of authentication protocols is only one of the things that can help solve security issues in the cryptocurrency industry. Consistency is of great importance. Additionally, having multifactor authentication will also help a lot. 

The Nok Nok Guarantee

At the forefront of passwordless authentication is Nok Nok Products. Nok Nok is one of the FIDO co-founders. It offers solutions, such as multifactor authentication, to help secure digital payments and transactions. 

Contact Nok Nok to learn more about the best cyber security solutions.

Advancements in technology have helped make day-to-day activities easier to accomplish. However, they may also pose challenges and risks. That is why, now more than ever, risk management is vital for organizations. That is especially true for those in the financial sector. Having the 3LoD (three lines of defense) model can help. However, organizations have to make sure they can keep up with the demands of the industry as a whole and cyber security.

Going Digital

New technologies are introduced to us constantly. Knowing which ones offer the most benefits to make functions and transactions more seamless is vital. 

For instance, approaches to the 3LoD model can vary depending on the needs of the company. While the traditional option is more on the functional side and is silo-based, many companies are going for different approaches. One of these is the digitized method.

The digitalization of the risk management approach helps organizations view risk functions based on their ability to drive change, generate value, and satisfy the rising expectations of customers. The main objective of the 3LoD framework, which is to protect the organization from various risks, like cyber security, remains. Central to this is trust.

That said, it is important to ensure that risk management tactics do not add friction, slow processes, or deter innovation. They must be able to add value for clients while creating trust at the same time.

Digitalization in Action

There is no denying that digital transformation is where the trend is going. It is seen in many industries. In the financial sector, there are various forms of digital transformation in different subsectors of financial services. However, perhaps the one that is gaining momentum is the banking-as-a-service (BaaS) construct.

Many fintech companies and banks have adopted innovations that will allow them to engage with their customers in deeper and more meaningful ways. Thus, transforming the way banking is done. 

For instance, traditional banks are now offering digital experience platforms. Mobile banking has increased, and new payment methods were introduced.

Addressing Needs And Cyber Security

With the COVID-19 pandemic, many regulators accelerated the shift towards asking financial service providers to identify the most important business services they offer, consider vulnerabilities broader than IT and cyber security failures, and assume possible severe systemwide threats that could lead to the failure of said services.

Risk management approaches are seen to need a more holistic approach that not only focuses on strengthening technology infrastructures and information security, but also addressing cyber security threats. At the same time, they should be able to enhance key touchpoints. For instance, they have to streamline the process to open an account. Additionally, risk intelligence should allow organizations to make quick decisions and improve their effectiveness and efficiency.

Digitalizing key risk management capabilities will not make 3LoD irrelevant. Instead, it will help strengthen it for better results.

The introduction of blockchain technology has opened doors to new opportunities. It helped make data sharing easier and secure. However, it can be vulnerable to cyber security attacks.

What It Offers

Blockchain technology was created to provide a decentralized distributed ledger that records digital assets. A single ledger gives access to thousands of connected computers and servers. With this, a user can complete transactions without the involvement of a third-party intermediary.

Here is how it works:

• A user creates a transaction using a blockchain network
• A block will then be created. It represents the creation of the transaction.
• The requested transaction will be broadcasted over the network that will validate it. The peer-to-peer network is made up of computers, which are called nodes.
• The verified transaction will be combined with other blocks. Thus, creating a new block of data for the said ledger.

There are various types of verified transactions. These include any valuable information shared in the ledger, contracts, cryptocurrency, and records.

Blockchain Technology and Cyber Security

While blockchain aims to provide a secure environment, it can still be vulnerable to attacks involving cybercriminals.

One of the most known applications of blockchain technology is cryptocurrency. The industry has been seeing growth in the past few years. However, it has also become a target of many cyberattacks.

For instance, the Poly Network platform has experienced the biggest crypto heist ever. Hackers successfully stole around $600 million in cryptocurrency from the decentralized finance (DeFi) platform. 

While the stolen funds were returned, the theft highlighted a vulnerability in the platform’s security features. 

Reducing Risks with Better Security

The Poly Network is only one incident among multiple thefts targeting blockchain. That is why cyber security is vital. Platforms must ensure proper protocols are taken to protect their users.

One form of protection is to get insurance. In the crypto industry, some insurance providers offer coverage for asset owners. That said, insurance comes with limitations. Aside from availability issues, there is a lack of legal and regulatory clarity in the insurance of crypto assets. Some platforms also conduct stability initiatives to strengthen their customer protection systems. 

Three steps can help with this. 

First, there is a need for better regulation, especially when an entity reaches a certain size. 

Second, developers should take extra caution. For instance, they can get audits for every project. 

Third, users should practice self-protection. This step is crucial. After all, many hacks and scams succeed due to the vulnerability of the users to attackers.

Do you want to stay updated on cyber security and authentication solutions? Subscribe to Nok Nok now.

In the past, organizations only relied on experience and some internal audit functions to identify weaknesses that could make the company vulnerable to unnecessary risks. Aside from the auditor, there was no real line of defense against various dangers that could negatively affect the organization. The introduction of 3LoD and multi factor authentication changed the game.

3LoD stands for three lines of defense. As the name suggests, it is a risk management model consisting of three levels. It aims to promote a better and stronger risk management culture. At the same time, the framework helps eliminate inefficiencies, overlaps, or gaps.

Understanding the 3LoD And Multi Factor Authentication

The idea of using multiple protection is a practical solution. It offers safer and more secure interactions and transactions. It can be seen in real-life applications, such as the use of multi factor authentication for payments and such.

The application of the 3LoD may vary depending on the organization. However, the concept behind it does not change. Here are the main characteristics of the three defenses:

Line #1: Risk Owners or Risk Takers

The first line of defense (1LoD) refers to the ones executing control. These include the frontline staff members and the operational management team. The 1LoD implements systems crucial in managing risks related to operations and non-financial functions.

Line #2:  Risk Oversight or Risk Guardians

The second line of defense (2LoD) covers the risk management and compliance functions of an organization. That means these are the members of the organization that monitors risk, such as the back office. They provide the necessary support, tools, and even advice to help the 1LoD in risk identification, management, multi factor authentication and monitoring.

Line # 3: Independent Risk Assurance

The third line of defense (3LoD) is from the internal audit function. It ensures that the 1LoD and 2LoD are effective and that both the risk management framework and internal control function are working.

A strong 3LoD framework has helped many organizations prepare for risks, manage them based on priority, and prevent huge losses.

That said, the changing market poses new challenges. Better utilization is necessary for better security.

In the financial sector, for example, the focus is now more on operational resilience. Prioritizing this aspect has become prevalent among financial services regulators, especially with the COVID-19 pandemic. Aside from considering their vulnerabilities and ensuring cyber security, reducing friction is also a must.

Nok Nok Products’ solutions, such as biometrics and multi factor authentication, can help. You can enhance your organization’s security and reduce friction at the same time. Thus, strengthening your line of defenses and allowing you to have good risk management strategies.

Security is an important aspect that companies have to prioritize when it comes to onboarding and sign-in processes. However, it is not the only thing that businesses have to think about.

Perhaps equally vital is user experience. It is crucial for companies to provide convenience. This way, customers will not view the sign-in process as a chore. 

Intuit, a global technology platform, understands this need. In its search for a solution that will ensure the protection of customer data and offer a convenient user experience, Intuit decided to partner with Nok Nok Products to implement FIDO Authentication.

A Partnership for Better Service With Biometric Authentication

The partnership, as discussed by Intuit Director and Head of Product Marcio Mello, produced phenomenal results. They used biometric authentication based on FIDO standards in their mobile applications, such as Turbo Tax.

Analysis of data during the implementation showed improvement. The company saw no drops during onboarding. The addition of biometrics into the flow helped the company achieve zero enrollment drops.

Additionally, the success rate for signing in also increased. It was almost 100%. In fact, Mello confirmed a 99.9% success rate. That is an improvement compared to other factors. For instance, OTP over SMS can give companies approximately 80% to 85% success. That is if the company is lucky.

That means the FIDO Authentication implementation helped reduce friction in the customer life cycle. 

For organizations with multiple apps, Mello suggests building multi-factor authentication (MFA). According to him, the priority should be the entry point.

Nok Nok Products and MFA

When it comes to user experience, there is no one-size-fits-all solution. That is why companies need to work with reliable industry experts. For instance, Intuit worked with Nok Nok Products for biometric authentication.

Nok Nok Products is a member of the FIDO Alliance. It is among the companies that are pushing for the lessening of password reliance. That said, it does not mean it is against the use of passwords. Aside from biometric authentication, Nok Nok Products offers MFA. Companies can opt for the feature that will best suit their services and needs.

Working with Nok Nok Products comes with many advantages. For example, the company’s services can improve onboarding success by 10%. The onboarding time can also decrease by 50%. Furthermore, sign-in speed can increase by 78%.

If you want to experience the benefits that Nok Nok Products offers, connect with the Nok Nok team.

Markets of today have become more competitive than ever. Standing out among one’s competition has become more challenging each day. For companies, one powerful tool to explore is convenience. In fact, the latest Consumer View report of the National Retail Federation showed that around 83% of consumers consider convenience as a more important factor now compared with five years ago. Approximately 52% said convenience had influenced half or more of their purchases. But what about cyber security with convenience?

Going Mobile

Continuous innovation for convenience brought us mobile phones. In 2021, 5.22 billion people use mobile phones. That number is seen to grow to 7.3 billion by 2023. 

But gone are the days when their only purpose is to help us communicate through calls and messages. Now, mobile phones have become part of the daily lives of many. They can be used to browse the Internet, connect on social media, and even make payments.

Mobile Wallets

The COVID-19 pandemic has impacted lives and businesses. With the need for safer interactions and transactions, more people moved to the use of mobile wallets. Aside from convenience, making digital payments offer a safer way to complete transactions.

Finaria highlighted this development in its report. According to Finaria, the global mobile wallets market in 2018 totaled $755.6 billion. After 12 months, it saw a 90% increase and reached almost $1.2 trillion.

Mobile wallet users reached 901 million globally in 2019. That is expected to reach 1.5 billion in 2021 and 1.7 billion by 2023. The number of mobile POS payment users also saw a rise in 2020, hitting the $2 trillion benchmark. The surge occurred amid the pandemic outbreak. That value is expected to increase further by half a billion in 2021.

Challenges Faced With Cyber Security

Data trends show a shift towards a cashless society. In 2020, around 86.5% of Americans checked their bank accounts through their mobile devices. Within the same year, about $503 billion dollars were sent out as payments using a mobile device.

However, with the convenience that mobile wallets offer comes challenges. Among them is cyber security. Since 2015, there is an increase in mobile app fraudulent transactions. The rise in such cases was over 600%. In 2019, there were 14,392 breaches recorded. These resulted in more than $40 million in losses. Of the total digital fraud losses, 89% were due to account takeovers.

Forecasts for mobile wallets see an upward trend. The U.S., which currently ranks second in terms of mobile payments market size, has $465.1 billion worth of transactions. The following years are expected to show an estimated growth of 49% or a total value of approximately $698 billion by 2023.

Strengthening cyber security for mobile wallets, such as through the use of biometrics or multi-factor authentication, will not only ensure safe transactions for you and your clients but will also help prepare you for a cashless society.  

Want to stay updated? Subscribe to Nok Nok.

The three lines of defense (3LoD) model was introduced to provide a framework that will help organizations in ensuring better biometrics risk management. 

Identifying the 3LoD

Generally, the 3LoD model includes three aspects. These are the following:

• First line of defense (1LoD): Risk Owners/Risk Takers
• Second line of defense (2LoD): Risk Oversight/Risk Guardians
• Third line of defense (3LoD): Risk Assurance

These three groups have to work together by splitting the responsibility based on their functions. In doing this, it is important to clearly define the responsibilities, roles, and levels of accountability of each.

Clarity is among the most important things the 3LoD framework has to offer. It makes risk management easy to understand and communicate. With this, organizations can better determine ambiguities, gaps, overlaps, and weaknesses that could affect risk management activities. 

In applying the concept behind the 3LoD model, many organizations have gone to siloed and people-centric approaches. While that can be beneficial, organizations that want to stimulate innovation and further remove friction may need to approach this framework differently.

That is where a risk activity-based model can come into play with biometrics.

Shifting to a Risk-Based Approach

A risk activity-based model requires organizations to review risk activities instead of functions. 

Typically, organizations use business functions as their guide in defining the 1LoD and 2LoD. They decide based on the key activities. These are sorted into two groups — risk-taking and risk monitoring.

However, this type of approach may overlook certain things, such as when the activities that fall under the 1LoD occur in non-traditional areas. Therefore, resulting in a lacking 3LoD.

Proper application of a risk activity-based 3LoD model offers many benefits. These include:

• improvement of risk coverage across the 3LoD framework
• increase in confidence that key risks are addressed effectively
• assurance that emerging governance, risk, and control matters meet regulatory expectations
• stable, sustainable, and flexible 3LoD model
• greater efficiency

Reducing Friction

Risk management is only one of the many aspects that organizations have to focus on. Another crucial factor is security, which is especially vital when there are finances and client information involved.

That said, some organizations find it hard to offer security without friction. Fortunately, there are ways to ensure better security while reducing friction. One of these is through the adoption of features like biometrics.

With the right provider, the use of biometrics can lead to more advantages for organizations. For instance, with Nok Nok Products, there is a 50% reduction in onboarding time. Thus, making the experience for the customer more pleasant. It, in turn, can help in promoting customer loyalty. 

For many transactions, customers have to input personal information. Because of this, companies have to find ways to ensure security and safety. That is where passwords come in. It is common practice for businesses and platforms to implement passwordless authentication. This way, only the user can access their account.

However, that is not always the case. There are times when others get access to the customers’ passwords. In some cases, the users themselves end up forgetting their passwords. 

Security And Convenience In One

User experience is important not only to customers but to businesses as well. There are many instances when customers abandon their shopping carts or a company’s website or app because they have forgotten their passwords. While resetting the password is an option, it adds another step to the sign-in process.

Intuit, like other companies, wanted to find a way to add more layers of security for the protection of customer data while preventing additional friction when it comes to user experience. Its priorities for a mobile authentication solution were frictionless user experience, security, and minimizing account takeover.

This is a great goal. However, it can be hard to achieve.

Fortunately, Nok Nok Products offers a solution. That is passwordless authentication. Intuit partnered with Nok Nok Products to implement FIDO Authentication on its mobile applications. With this, the login process offers the best of both worlds. It allows Intuit to accomplish all its priorities.

Impact on the Sign In Journey

Intuit successfully rolled out FIDO Authentication across its business applications by working with Nok Nok Products. This partnership has proven the effectiveness of passwordless authentication. 

In terms of usability, the company saw a 20% reduction in the sign-in time on its mobile apps. Login success rates also increased by 6%. 

Security was also addressed. The company reported that there was a decrease in successful phishing attempts since they used FIDO Authentication. 

The user experience was simplified by FIDO authentication. The password-free authentication reduced the number of steps in the process. Because of this, Intuit said it got more opportunities to enhance other security features. 

The success of the partnership pushed Intuit to further include FIDO Authentication in its plans for user sign-in experience, especially on the web. Additionally, the company is thinking of enhancing other flows by implementing FIDO Authentication on other aspects like phone push notifications. 

To learn more about passwordless authentication and get more insight on improving user experience, subscribe to Nok Nok Products.