FaceAuthMe – Low friction facial biometric authentication

Authentication is a hot topic more than ever covering many aspects of our lives. It’s closer to our lives and even penetrates our most personal devices. With enough evidence that traditional methods are not enough to provide a safe, trusted authentication, there’s a need for an innovative solution that can bring extreme low friction to the end consumers.

Authentication is a hot topic

Authentication is growing to be a hot topic and an integral aspect of our daily routines, even penetrating personal aspects. Everyday, we enter passwords multiple times to turn on the laptop, use fingerprints to log in to mobile apps, receive One Time Passwords (OTP) to verify transactions. Authentication is everywhere and the need to authenticate ourselves safely and with trust , exists as fraudsters are increasing at an alarming rate.

Fraudsters are increasing at an alarming rate

Fraudsters are getting smarter everyday. From OTP hijacking, device spoofing to sophisticated social engineering schemes, they outsmart the technology. Unauthorized financial fraud losses in the UK alone across payment cards, remote banking and cheques totalled £824.8 million in 2019 while the combined worldwide figures for credit card fraud stand at an alarming $27 Billion. These circumstances demand that fraud is prevented at the earliest of customer interaction and customers are protected by better authentication methods.

Passwords are unreliable

  • Passwords are the root cause of over 80% of data breaches
  • Up to 51% of passwords are reused
  • The average user has more than 90 online accounts and mostly forget passwords
  • 1/3 of online purchases are abandoned due to forgotten passwords
  • 50% of users abandon their online banking transactions due to the hassle and friction caused by passwords
  • $70 average help desk labor cost is spent for a single password reset

(Source FIDO alliance)

One Time Passwords (OTP) are not the answer

  • SMS is not reliable. NIST strongly recommends against its use
  • Cost is higher
  • Increasing social engineering OTP scams

In device biometrics data are not secure enough

  • Dependence on device manufacturers for sensitive authentication solutions is too risky
  • Vulnerabilities of the large range of devices expose doors for fraudsters to break in
  • Many financial regulators are strongly against using in-device biometrics
  • Depending on the capabilities of the user device is a too much compromise

The world needs stronger, friendlier authentication

Mandates such as 3D Secure 2.0’s requirement for 2 factor authentication (2FA) will drive merchants and banks to adopt biometrics to make the payment experience smoother across a variety of platforms. Ubiquitous biometric sensors, present in many mobile devices, are in the forefront driving this wide adoption of biometric authentication. Yet, a widely unspoken, far unseen problem stands in the way of secure authentication. Can we extensively depend on in-device biometrics when it comes to crucial authentication processes?

Advantage of FaceAuthMeTM

Zone24x7’s facial biometrics solution FaceAuthMeTM is a secure, low friction solution that addresses the needs for Strong Customer Authentication (SCA) now and for the future. FaceAuthMeTM uses the person’s face to authenticate access using any device’s camera. This is done quickly, seamlessly, and a low-friction high secure method. FaceAuthMeTM uses sophisticated machine learning and AI algorithms that capture intelligently facial biometrics and other data of the customer to uniquely identify a genuine customer from a fraudster. FaceAuthMeTM provides a one-stop, seamless authentication experience for all authentication needs.

The novelty and innovative edge

No dependency on customer’s mobile phone

While most existing biometric authentication solutions heavily rely on the capabilities of customers’ mobile phones, FaceAuthMe is an off-the-device solution. There is no dependence on device manufactures, brands or 3rd party software vendors. Further, this enables FaceAuthMe to run on devices with extremely low processing footprint

Device agnostic, OS agnostic

FaceAuthMe is completely device agnostic, where it works on any device with a camera and an internet connectivity. The mobile phones, tablets, laptops or even desktops can be easily utilized in the authentication process. Further, reaping the benefits of being device and operating system agnostic, FaceAuthMe can run on non-personal device use cases such as POS terminals, ATM machines etc.

No action required from the end user

A key element in biometric based authentication is to verify if the user is live (Liveness), as fraudsters can easily impersonate a genuine customer with images or videos. In order to check liveness, most competitive solutions ask the user to do something in front of the camera such as, smiling, winking, turning the head sideways etc. Advanced machine learning and artificial intelligence algorithms in FaceAuthMe make sure that no action is required at all for liveness verification, ensuring extreme low friction.

Authenticate with just a selfie

Taking a selfie is now standard and familiar to almost all the demographics. While most existing products depend on complex, data heavy inputs such as videos and collection of image bursts, FaceAuthMe innovates the customer experience by taking just a selfie. The in-house developed artificial intelligence/ machine learning algorithms are powerful in calculating if an end user is genuine or a fraudster, just by looking at a single image.

No software/app needed – FaceAuthMeTM is not a mobile app

Many biometric solutions, that boast about biometric authentication in the existing market, depend heavily on special software applications developed to achieve the purpose. This adds a friction factor to the end customer where software needs to be downloaded and installed. Research clearly says that the penetration of mobile phone based apps is quite low (about 30%) even if the customer has a suitable mobile phone. FaceAuthMe, being a browser based application, removes this need for installing software and authenticates seamlessly.

Privacy by design and by default

FaceAuthMe considers privacy of the end customers quite seriously. Usage of pseudonymisation of customer data and encryptions used at data transfers makes sure that FaceAuthMe follows data protection by design. Its strictest privacy settings are applied by default, without any manual input from the end user. Personal data is kept for a definite period of time and it’s privacy friendly to the end customer making FaceAuthMe follow data protection privacy by default.

Summary

Being a proud Sri Lankan, inhouse developed product, FaceAuthMe is changing the status quo of how authentication is done at most secure levels. It’s innovative approaches in providing world class facial biometrics help achieve a low friction authentication while ensuring the security aspects, thus having a clear distinction with its competitors.

Thilina Bandara

Tech Lead – Cognitive Machine Learning

Towards a safer and a trusted authentication

At a time where fraudsters are growing at an alarming rate, authentication is becoming a hot topic in almost all aspects of our life. It is now linked to our life more than ever. Everyday we enter passwords multiple times to turn on the laptop, use fingerprints to log in to mobile apps, receive One Time Passwords (OTP) numerous times to verify transactions. But are they providing enough security while providing a low friction experience?

Why is authentication a hot topic?

Authentication is growing to be a hot topic in almost all aspects of our life. From turning on the mobile phone when we get up, to doing an online credit card transaction, authentication has become an important aspect of our life. Authentication is now linked to our life more than ever. Everyday we enter passwords multiple times to turn on the laptop, use fingerprints to log in to mobile apps, receive One Time Passwords (OTP) numerous times to verify transactions. Authentication is everywhere and the need to authenticate ourselves safely and with trust is felt by everyone. The reason is the increase of fraudsters at an alarming rate.

It is an open secret in the authentication context that fraudsters are getting smarter everyday. From OTP hijacking, device spoofing to sophisticated social engineering schemes, fraudsters are finding better ways to outsmart the technology. Unauthorized financial fraud losses in the UK alone across payment cards, remote banking and cheques totalled £824.8 million in 2019 (UK Finance 2020) while the combined worldwide figures for credit card fraud stand at an alarming $27 Billion and rising according to the Nilson report (The Nilson Report 2019). These circumstances demand that fraud is prevented at the earliest of customer interaction and customers are protected by better authentication methods.

Strong Customer Authentication (SCA)

In the context of banking and financial services, strong authentication uses multiple methods of factors, to verify the identity of the user.

  1. Possession – Something the user has such as the personal mobile device, a hardware token
  2. Knowledge – Something the user knows and shared between the user and the financial entity, such as a password, a pin or an answer to a security question
  3. Inherence – Something the user is such as their  biometrics i.e. behaviour, fingerprint, face, voice.

As the number of authentication factors increases, it becomes difficult for the fraudsters to impersonate legitimate users as multiple tactics need to be deployed for a targeted attack. If you would like to read the original SCA requirements, they are set out in the Regulatory Technical Standards for Europe.

Why is Inherence the best 2nd factor authentication

The number of organizations moving into SCA for user authentication is increasing to fight fraud. But one common understanding between all these organizations is that traditional authentication methods, of knowledge factor, are proving to be less effective in the authentication process. According to VISA passwords are dying and thus less promoted. A customer survey done in the USA has concluded that out of abandonments of online purchases, 49% are due to  the fact that customers can’t remember their passwords.

Source : (VISA 2017)

As customers are now becoming more comfortable with new forms of biometric authentication methods, common frustrations of forgetting passwords will be soon a thing-in-the-past. Inherence based authentication methods such as facial biometric authentication are proving to be faster, safer and easier compared to the traditional use of passwords or PINs, which are difficult to remember and easy to steal. 

The above survey has further revealed that more than 65% of the customers are already familiar with inherence based authentication. But out of many inherence based authentication methods, which would be the best?

Face is the way forward

Whilst there’s no silver bullet in the authentication world, there are many promising solutions. Above all Fingerprint identification, Facial biometric and behavioral biometrics play a key role. Organizations are yet to embrace behavior biometrics into their solutions due to the inherent issues such as not enough empirical validations and privacy issues. For instance strong relations to cognitive function may uncover undesirable aspects for public disclosure information, such as illnesses. 

Further we’ve seen prominent organizations such as Apple moving away from fingerprint based authentication methods lately for facial biometric based solutions. According to Apple the chances of a random face unlocking your phone are 1 in 1,000,000 while the risk of a random finger unlocking your phone is 1 in 50,000 (Apple 2020). This claims that Face is 20x secure than the fingerprint. Unless you have an identical twin, Face can be the way forward.

FaceAuthMeTM – a secure, low friction solution

Zone24x7’s facial biometrics solution FaceAuthMeTM is a secure, low friction solution that addresses the needs for Strong Customer Authentication now and for the future. FaceAuthMeTM uses the person’s face to authenticate access using any device’s camera. This is done quickly, seamlessly, and a low-friction high secure method. FaceAuthMeTM uses sophisticated machine learning and AI algorithms that capture intelligently facial biometrics and other data of the customer to uniquely identify a genuine customer from a fraudster. From secure access control to when a customer is making a risky transaction or using their credit card (e.g. to pay for an airline ticket), organizations are required to authenticate customers using SCA. FaceAuthMeTM provides a one-stop, seamless authentication experience for all of these authentication needs. If you want to find out more about FaceAuthMeTM or request a demo, please follow us here.

References

Thilina Bandara

Tech Lead – Cognitive Machine Learning