mSIGNIA Named Finalist in The 8th Annual Nashville Technology Council Awards

NTC AwardsIt’s an honor to be nominated! We are pleased to announce that mSIGNIA has been named a Growth Stage finalist in the 8th Annual Nashville Technology Council Awards. Winners will be announced on January 26, 2017. Stay tuned.

What’s all the buzz about biometrics?

biometrics, payments, authentication

Mobile Payments with Biometric ID System

How many times have we heard that the password is going away as a means of authentication? Users like simple passwords that aren’t secure, and for convenience sake, the same password is often used for multiple online services. This practice, combined with how easily passwords can be hacked, make online accounts vulnerable. Two-factor authentication is more secure but the National Institute of Standards and Technology (NIST) has said that security concerns around deliverability suggest it is time to move away from SMS text messages, the most widely-used factor.

Lately there’s been a lot of buzz around using biometrics for authentication, often as a second factor, along with a password or PIN. Let’s take a look at the different types of biometrics, as well as the issues around each.

Physical biometrics
When you hear “biometric,” the first thing you probably think of is a physical biometric such as a fingerprint or eye scan. Physical biometrics don’t have to be remembered, and they have been proven to have a high degree of reliability, but they do require effort on the user’s part. In addition, not every mobile device has a scanner; users have expressed concerns about the ability to access accounts if the technology malfunctions, as well as security concerns over having their fingerprints stored. A password can be reset; a fingerprint cannot. And despite the issues associated with passwords, a recent Yougov study revealed that 58% of Americans prefer them over physical biometric authentication methods. With this sentiment, a good deal of education and reassurance may be needed before this method becomes widespread.

Behavioral biometrics.
Behavioral authentication looks at how a person moves or interacts with their devices. Each user has a unique way they strike keys, use a mouse, walk and talk, and those patterns can be used as an authentication method. Behavioral biometrics can be simple and cost-effective to implement and use. There are drawbacks, however; a user’s keying and mouse movements may be consistent on a desktop or laptop, but may vary depending on when and how they are using a mobile device. A cold, a bad connection and background noise are a few factors that can affect voice recognition.

Social biometrics.
Social biometrics is a trademarked term for a patented solution from Socure. As the name implies, the basis for identity verification is a user’s social networks combined with other trusted online and offline data. Most users are probably aware that they are giving up some privacy when they post on social media, and many sign into other online accounts using their social media credentials, but they often send mixed signals as to how they feel about it. According to a Pew Research report on how Americans feel about privacy, 67 percent of adults have little to no confidence that their activity on social media sites will remain private and secure. In addition, 86 percent of internet users have taken simple steps such as avoiding certain apps or changing their privacy settings on social media to cover their digital tracks, and many say they would like to do more.

It is unclear if users have these same attitudes when it comes to using their information from social networks to verify their identity; that may depend on the user experience.

Digital biometrics.
Digital biometrics is our patented, privacy-compliant method of authentication that uses personalized data on a user’s smart phone. We continuously analyze this data — how it is used and how it changes over time — to create a digital biometric profile that represents the user, not just the mobile device. This digital biometric profile can be recognized across any registered device, even new ones. This combats malicious account takeover which can lead to fraud and an invasion of a user’s privacy. Speaking of privacy, the information we access to create the digital biometric profile is anonymized. We know what information is associated with a user, but not the user’s name or any other private information. Private user data is not stored on our servers so it is not vulnerable to data breaches. This method of authentication is secure and requires little, if any, effort on the part of the user.

As for ensuring the user really is who they say they are, user behavior is only one of six scoring aspects. Other aspects include: device recognition, network verification, software analysis, user secrets/biometrics and geolocation. Deviations in data or change will be immediately detected. And while it is possible for a hacker to steal a user’s anonymized data, create a hardware/network/software environment equivalent to the actual user, and behave as the user does, it is highly unlikely.

In testing using digital biometrics for authentication, we found a 93.8 percent recognition rate of returning users. Perhaps more importantly, impostors were recognized 99.1 percent of the time, reducing the risk of fraud.

While other biometric methods may have their disadvantages, digital biometrics is an authentication method that is secure, reliable and user-friendly.

Want to see Digital Biometrics in action? Request a demo!

On the Radar: mSIGNIA iDNA establishes identity using a digital biometric approach

web_ovum_4c2xIntroduction

With its data-based biometric approach, mSIGNIA iDNA analyzes the data users add and generate on their mobile devices and the way their behavior changes that data to verify the individual. Read more and get the report here.

Authentication that combines security with convenience? The time has come for Digital Biometrics!

Money2020 #628The password has been on life support for years. Two-factor authentication with SMS OTP has been proven safer, but just as it was gaining traction, NIST stated it was unsafe and should not be used. Physical biometrics is getting a lot of buzz, but not every device can read a fingerprint or eye scan; and consumers have expressed concerns over storage of this very personal data. Even the chief of the UK’s Treasury Select Committee has asked bank regulators to consider what happens when biometric data is stolen.

With card-not-present fraud on the rise and more transactions taking place via mobile device, it’s time for an authentication method that not only reliably authenticates users — reducing risk and potential fraud — but also protects users’ privacy without disrupting the customer experience. That’s why we’re excited to demo our iDNA authentication platform at Money2020 in Las Vegas, Oct. 23-26.

At the heart of iDNA is our patented Digital Biometrics technology which studies up to 900 attributes to recognize users based on the personalized data on their mobile device. By learning how the data changes based on usage, we can create an anonymized profile that represents the user, not just the device. This means the user can be safely recognized on any device – even new ones.

How do Digital Biometrics compare to existing methods, as well as other emerging technologies? For online services, it is more reliable. Since the user is recognized based on data from their mobile device, online services don’t have to be concerned about whether a password has been stolen, a fingerprint has been lifted or if an online image has been copied from a social media site. While it is possible for a hacker to steal all of a user’s data, creating a hardware/network/software environment equivalent to the actual user and behaving as the user does is highly unlikely.

For users, it is more secure and convenient. They, too, do not have to worry about passwords being stolen; they also don’t have to remember a complicated password or try to key it in to their mobile device. Digital Biometrics uses anonymized data analytics, so no private information is at risk.

We realize there is no one perfect authentication method which is why we believe iDNA with Digital Biometrics is the best “first layer” in a risk-based authentication environment. Our SDK integrates well with existing solutions. If a user can be safely recognized at launch, no further action is required. In the event suspicious activity is detected, a second layer — such as a PIN or physical biometric — can be deployed.

We invite you to stop by Booth #628 at Money2020 and see how we’re bringing security and usability together for an innovative authentication method whose time has come. If you’d like to schedule a time to meet with us at Money2020, or want to see a demo in advance, contact us today!

3D Secure 2.0 SDK Delivers Easier, More Secure Mobile Payments

NASHVILLE, Tenn. – October 4, 2016 – mSIGNIA, an EMVCo Technical Associate, today announced its 3D Secure 2.0 software development kit (SDK) which meets EMVCo’s draft specifications to make mobile payments more secure without disrupting the customer experience. mSIGNIA developed — and is currently testing — its 3DS 2.0 SDK in cooperation with an EMVCo member organization.

During last week’s EMVCo User Meeting in Shanghai, mSIGNIA CTO George Tuvell met with a number of representatives of 3DS providers, payment networks and card issuers. “Many of them saw the advantages of working with mSIGNIA over developing their own product,” said Tuvell. As a result, negotiations are underway to begin testing with several partners, including at least one other payment network.

Development of the 3DS 2.0 SDK began after the EMVCo User meeting in Copenhagen this summer. “That’s when we realized that while there are hundreds of SDK vendors, very few were ready to develop a solution that would work on mobile devices,” said Paul Miller, CEO of mSIGNIA. “mSIGNIA is grounded in mobile security and identity, we understand EMVCo’s technical specifications and we know that the only solution that will be widely adopted is one that not only reduces fraud, but also reduces the friction associated with the current 3DS protocol.”

While the current 3DS version reduces fraud for online card-not-present (CNP) transactions, it has not been widely adopted in the U.S. because related customer friction at checkout can lead to cart abandonment and lost sales. In addition, 3DS today does not support payments made via mobile device, including in-app and mobile website purchases, and digital wallets. The need to extend CNP fraud prevention to the mobile environment is critical as it has been projected that by 2020, mobile commerce will make up nearly half of total ecommerce transactions.

mSIGNIA’s 3DS 2.0 SDK is optimized for resource-constrained devices and analyzes additional data points for increased security. The SDK will enable issuers and 3D Secure providers to quickly, easily and cost-effectively integrate the mobile specifications into their own applications in time for the 2017 rollout of 3DS 2.0.

Nóng hō, Shanghai and 3DS 2.0

EMVCo 3D Secure 2.0Next week, we’re in Shanghai along with other EMVCo Technical Associates, member organizations, issuers and others who have a strong interest in reducing card-not-present fraud and the user friction often associated with online and mobile transactions. The new version of 3D Secure aims to accomplish this with security enhancements and an emphasis on risk-based authentication that can support a frictionless user experience.

While EMVCo will make the new specifications available on a royalty-free basis for anyone to download, it is not their role to develop and distribute an SDK that meets the specifications; it is up to each 3DS provider to develop an SDK per each card issuer’s specifications.

mSIGNIA has developed a 3DS 2.0 SDK that is currently being tested with a major issuer and EMVCo member organization. Our company is grounded in mobile identity and security, so we have applied our mobile expertise to develop specifications that will reduce fraud and user friction on mobile devices and digital wallets. A derivative of our patented iDNA Digital Biometric platform, our SDK for 3DS providers:

  • Meets EMVCo specifications;
  • Is optimized for resource-constrained devices; and
  • Analyzes additional data points for increased security.

Our SDK is available to all 3DS providers who are looking for a solution that is cost-effective, easy to implement and can go live in just a few weeks. mSIGNIA will keep the SDK up-to-date so you don’t have to worry about dedicating resources to ongoing OS updates. If you’re wondering why you should buy an SDK instead of building your own, we have some of the answers.

We are scheduling meetings in Shanghai and by webinar to demonstrate how our SDK works and how it can easily integrate into your ACS. If you’re interested, request a demo today and indicate whether you will be in Shanghai or prefer a demo via webinar.

mSIGNIA Listed as a Sample Vendor in Gartner’s 2016 Hype Cycle for Mobile Security

NASHVILLE, Tenn. August 8, 2016 – mSIGNIA, the inventor of digital biometric technology and a leader in frictionless user authentication, today announced it has been named as a sample vendor in the Gartner “Hype Cycle for Mobile Security, 2016” report. mSIGNIA was named in the Mobile Platform Health Checks and Mobile-Apt User Authentication Methods categories.1

“As mobile becomes the most preferred method to bank, shop and otherwise connect with online services, it is critical to protect against fraud without disrupting the customer experience,” said Paul Miller, CEO of mSIGNIA. “mSIGNIA is grounded in mobile security and identity. Our patented digital biometric technology enables online services to safely and easily recognize returning users so confidence is not sacrificed for convenience.”

Mobile service providers need to find the right balance between security and user experience. Today, many services rely on 2-factor authentication to authenticate users. SMS text messaging, the most-widely used factor, was recently denounced by the National Institute of Standards and Technology (NIST) as an insecure method to authenticate a user’s device, as the message can be easily intercepted or misdirected. mSIGNIA uses an “associated push” method to verify the receiving device based on device indicators as well as the user’s changing data. If no anomalies are detected, the authentication process is invisible to the user.

Earlier this year, mSIGNIA was named as a Cool Vendor in the 2016 Gartner Cool Vendors in UEBA, Fraud Detection and User Authentication report.2

Gartner clients can access the Hype Cycle for Mobile Security, 2016, on gartner.com.

 

Disclaimer:

Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

1Gartner “Hype Cycle for Mobile Security, 2016” by Dionisio Zumerle and John Girard, 14 July 2016

2Gartner, “Cool Vendors in UEBA, Fraud Detection and User Authentication, 2016” 02 May 2016

Startups are Hot in Nashville and the Southeast

Greetings from Nashville, aka Music City, the It City, NashVegas — or, as we like to call it, NashValley. When you hear “Southeast” you probably think sweet tea, barbecue and the boys of fall; and you’d be right. But we’re so much more, as evidenced by last week’s 36|86 conference which was held in our […]

The Friday Five — May 27, 2016

36_86_ColorCNPExpo: We came, we discussed, we demo-ed. We even had time to find some news from outside the Loews Royal Pacific Resort and Universal Orlando. Next up, you’ll find us closer to home in Village36 at 36|86South. Hope to see you there!

Don’t get frustrated when it’s time to binge watch previous episodes of OITNB before the new season starts. Authenticate your service and chill. Authentication is key to much online programming

Being from Nashville, we know a thing or two about two-stepping. We also know a thing or two about two-factor. We’ll gladly demonstrate our two-factor moves, but please don’t ask us for dance lessons. Should two-factor authentication let me verify via a single device?

As mobile usage increases, so does the need for authentication solutions. Increase in Online Transactions Predicted to Fuel the Global Advanced Authentication Market Through 2020, Says Technavio

Smile and say “pay.” Will “selfie pay” and other biometric verification methods eventually replace the password? Authentication by ‘selfie’ – Will MasterCard bring a smile to the payments world? How secure is it and how has the market responded

Lots of good info was shared at last week’s CNPExpo. Since not everyone could attend, and some attendees had to leave early, we’re sharing the Day 3 wrap-up. CNPExpo – Day 3 Roundup

 

 

 

 

mSIGNIA Named by Gartner as a 2016 “Cool Vendor” for UEBA, Fraud Detection and User Authentication

NASHVILLE, Tenn. May 23, 2016 – mSIGNIA, the inventor of digital biometric technology and a leader in frictionless user authentication, today announced it has been named a “Cool Vendor” in the 2016 Gartner Cool Vendors in UEBA, Fraud Detection and User Authentication1 report. According to Gartner, advanced analytics is becoming a widely used mechanism for improvement of fraud detection and identity assurance and provision of adaptive access based on dynamic factors and variables.

“We believe mSIGNIA’s selection as a Cool Vendor establishes that online services and users are ready for an authentication method that does not sacrifice confidence for convenience,” said Paul Miller, CEO of mSIGNIA.

Online service providers, including financial and payment services and e-commerce, face the challenge of preventing fraud without adding friction to the transaction process. By applying dynamic data analysis to learn how data stored on a user’s smartphone is used and changes over time, mSIGNIA creates the user’s digital biometric profile. When deployed as the first method of authentication, the profile can be safely and easily recognized on any device, reducing the need for passwords.

To access the complete 2016 Cool Vendors in UEBA, Fraud Detection and User Authentication report, visit Gartner.com.

Disclaimer:

Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

1Gartner “Cool Vendors in UEBA, Fraud Detection and User Authentication, 2016” by Andrew Walls, Brian Reed, Avivah Litan, Sandy Shen and Craig Lawson, 02 May 2016.