Learning Center

Industry

mSIGNIA Named Finalist in The 8th Annual Nashville Technology Council Awards

NTC AwardsIt’s an honor to be nominated! We are pleased to announce that mSIGNIA has been named a Growth Stage finalist in the 8th Annual Nashville Technology Council Awards. Winners will be announced on January 26, 2017. Stay tuned.

What’s all the buzz about biometrics?

biometrics, payments, authentication

Mobile Payments with Biometric ID System

How many times have we heard that the password is going away as a means of authentication? Users like simple passwords that aren’t secure, and for convenience sake, the same password is often used for multiple online services. This practice, combined with how easily passwords can be hacked, make online accounts vulnerable. Two-factor authentication is more secure but the National Institute of Standards and Technology (NIST) has said that security concerns around deliverability suggest it is time to move away from SMS text messages, the most widely-used factor.

Lately there’s been a lot of buzz around using biometrics for authentication, often as a second factor, along with a password or PIN. Let’s take a look at the different types of biometrics, as well as the issues around each.

Physical biometrics
When you hear “biometric,” the first thing you probably think of is a physical biometric such as a fingerprint or eye scan. Physical biometrics don’t have to be remembered, and they have been proven to have a high degree of reliability, but they do require effort on the user’s part. In addition, not every mobile device has a scanner; users have expressed concerns about the ability to access accounts if the technology malfunctions, as well as security concerns over having their fingerprints stored. A password can be reset; a fingerprint cannot. And despite the issues associated with passwords, a recent Yougov study revealed that 58% of Americans prefer them over physical biometric authentication methods. With this sentiment, a good deal of education and reassurance may be needed before this method becomes widespread.

Behavioral biometrics.
Behavioral authentication looks at how a person moves or interacts with their devices. Each user has a unique way they strike keys, use a mouse, walk and talk, and those patterns can be used as an authentication method. Behavioral biometrics can be simple and cost-effective to implement and use. There are drawbacks, however; a user’s keying and mouse movements may be consistent on a desktop or laptop, but may vary depending on when and how they are using a mobile device. A cold, a bad connection and background noise are a few factors that can affect voice recognition.

Social biometrics.
Social biometrics is a trademarked term for a patented solution from Socure. As the name implies, the basis for identity verification is a user’s social networks combined with other trusted online and offline data. Most users are probably aware that they are giving up some privacy when they post on social media, and many sign into other online accounts using their social media credentials, but they often send mixed signals as to how they feel about it. According to a Pew Research report on how Americans feel about privacy, 67 percent of adults have little to no confidence that their activity on social media sites will remain private and secure. In addition, 86 percent of internet users have taken simple steps such as avoiding certain apps or changing their privacy settings on social media to cover their digital tracks, and many say they would like to do more.

It is unclear if users have these same attitudes when it comes to using their information from social networks to verify their identity; that may depend on the user experience.

Digital biometrics.
Digital biometrics is our patented, privacy-compliant method of authentication that uses personalized data on a user’s smart phone. We continuously analyze this data — how it is used and how it changes over time — to create a digital biometric profile that represents the user, not just the mobile device. This digital biometric profile can be recognized across any registered device, even new ones. This combats malicious account takeover which can lead to fraud and an invasion of a user’s privacy. Speaking of privacy, the information we access to create the digital biometric profile is anonymized. We know what information is associated with a user, but not the user’s name or any other private information. Private user data is not stored on our servers so it is not vulnerable to data breaches. This method of authentication is secure and requires little, if any, effort on the part of the user.

As for ensuring the user really is who they say they are, user behavior is only one of six scoring aspects. Other aspects include: device recognition, network verification, software analysis, user secrets/biometrics and geolocation. Deviations in data or change will be immediately detected. And while it is possible for a hacker to steal a user’s anonymized data, create a hardware/network/software environment equivalent to the actual user, and behave as the user does, it is highly unlikely.

In testing using digital biometrics for authentication, we found a 93.8 percent recognition rate of returning users. Perhaps more importantly, impostors were recognized 99.1 percent of the time, reducing the risk of fraud.

While other biometric methods may have their disadvantages, digital biometrics is an authentication method that is secure, reliable and user-friendly.

Want to see Digital Biometrics in action? Request a demo!

On the Radar: mSIGNIA iDNA establishes identity using a digital biometric approach

web_ovum_4c2xIntroduction

With its data-based biometric approach, mSIGNIA iDNA analyzes the data users add and generate on their mobile devices and the way their behavior changes that data to verify the individual. Read more and get the report here.

Authentication that combines security with convenience? The time has come for Digital Biometrics!

Money2020 #628The password has been on life support for years. Two-factor authentication with SMS OTP has been proven safer, but just as it was gaining traction, NIST stated it was unsafe and should not be used. Physical biometrics is getting a lot of buzz, but not every device can read a fingerprint or eye scan; and consumers have expressed concerns over storage of this very personal data. Even the chief of the UK’s Treasury Select Committee has asked bank regulators to consider what happens when biometric data is stolen.

With card-not-present fraud on the rise and more transactions taking place via mobile device, it’s time for an authentication method that not only reliably authenticates users — reducing risk and potential fraud — but also protects users’ privacy without disrupting the customer experience. That’s why we’re excited to demo our iDNA authentication platform at Money2020 in Las Vegas, Oct. 23-26.

At the heart of iDNA is our patented Digital Biometrics technology which studies up to 900 attributes to recognize users based on the personalized data on their mobile device. By learning how the data changes based on usage, we can create an anonymized profile that represents the user, not just the device. This means the user can be safely recognized on any device – even new ones.

How do Digital Biometrics compare to existing methods, as well as other emerging technologies? For online services, it is more reliable. Since the user is recognized based on data from their mobile device, online services don’t have to be concerned about whether a password has been stolen, a fingerprint has been lifted or if an online image has been copied from a social media site. While it is possible for a hacker to steal all of a user’s data, creating a hardware/network/software environment equivalent to the actual user and behaving as the user does is highly unlikely.

For users, it is more secure and convenient. They, too, do not have to worry about passwords being stolen; they also don’t have to remember a complicated password or try to key it in to their mobile device. Digital Biometrics uses anonymized data analytics, so no private information is at risk.

We realize there is no one perfect authentication method which is why we believe iDNA with Digital Biometrics is the best “first layer” in a risk-based authentication environment. Our SDK integrates well with existing solutions. If a user can be safely recognized at launch, no further action is required. In the event suspicious activity is detected, a second layer — such as a PIN or physical biometric — can be deployed.

We invite you to stop by Booth #628 at Money2020 and see how we’re bringing security and usability together for an innovative authentication method whose time has come. If you’d like to schedule a time to meet with us at Money2020, or want to see a demo in advance, contact us today!

3D Secure 2.0 SDK Delivers Easier, More Secure Mobile Payments

NASHVILLE, Tenn. – October 4, 2016 – mSIGNIA, an EMVCo Technical Associate, today announced its 3D Secure 2.0 software development kit (SDK) which meets EMVCo’s draft specifications to make mobile payments more secure without disrupting the customer experience. mSIGNIA developed — and is currently testing — its 3DS 2.0 SDK in cooperation with an EMVCo member organization.

During last week’s EMVCo User Meeting in Shanghai, mSIGNIA CTO George Tuvell met with a number of representatives of 3DS providers, payment networks and card issuers. “Many of them saw the advantages of working with mSIGNIA over developing their own product,” said Tuvell. As a result, negotiations are underway to begin testing with several partners, including at least one other payment network.

Development of the 3DS 2.0 SDK began after the EMVCo User meeting in Copenhagen this summer. “That’s when we realized that while there are hundreds of SDK vendors, very few were ready to develop a solution that would work on mobile devices,” said Paul Miller, CEO of mSIGNIA. “mSIGNIA is grounded in mobile security and identity, we understand EMVCo’s technical specifications and we know that the only solution that will be widely adopted is one that not only reduces fraud, but also reduces the friction associated with the current 3DS protocol.”

While the current 3DS version reduces fraud for online card-not-present (CNP) transactions, it has not been widely adopted in the U.S. because related customer friction at checkout can lead to cart abandonment and lost sales. In addition, 3DS today does not support payments made via mobile device, including in-app and mobile website purchases, and digital wallets. The need to extend CNP fraud prevention to the mobile environment is critical as it has been projected that by 2020, mobile commerce will make up nearly half of total ecommerce transactions.

mSIGNIA’s 3DS 2.0 SDK is optimized for resource-constrained devices and analyzes additional data points for increased security. The SDK will enable issuers and 3D Secure providers to quickly, easily and cost-effectively integrate the mobile specifications into their own applications in time for the 2017 rollout of 3DS 2.0.

Nóng hō, Shanghai and 3DS 2.0

EMVCo 3D Secure 2.0Next week, we’re in Shanghai along with other EMVCo Technical Associates, member organizations, issuers and others who have a strong interest in reducing card-not-present fraud and the user friction often associated with online and mobile transactions. The new version of 3D Secure aims to accomplish this with security enhancements and an emphasis on risk-based authentication that can support a frictionless user experience.

While EMVCo will make the new specifications available on a royalty-free basis for anyone to download, it is not their role to develop and distribute an SDK that meets the specifications; it is up to each 3DS provider to develop an SDK per each card issuer’s specifications.

mSIGNIA has developed a 3DS 2.0 SDK that is currently being tested with a major issuer and EMVCo member organization. Our company is grounded in mobile identity and security, so we have applied our mobile expertise to develop specifications that will reduce fraud and user friction on mobile devices and digital wallets. A derivative of our patented iDNA Digital Biometric platform, our SDK for 3DS providers:

  • Meets EMVCo specifications;
  • Is optimized for resource-constrained devices; and
  • Analyzes additional data points for increased security.

Our SDK is available to all 3DS providers who are looking for a solution that is cost-effective, easy to implement and can go live in just a few weeks. mSIGNIA will keep the SDK up-to-date so you don’t have to worry about dedicating resources to ongoing OS updates. If you’re wondering why you should buy an SDK instead of building your own, we have some of the answers.

We are scheduling meetings in Shanghai and by webinar to demonstrate how our SDK works and how it can easily integrate into your ACS. If you’re interested, request a demo today and indicate whether you will be in Shanghai or prefer a demo via webinar.

mSIGNIA Listed as a Sample Vendor in Gartner’s 2016 Hype Cycle for Mobile Security

NASHVILLE, Tenn. August 8, 2016 – mSIGNIA, the inventor of digital biometric technology and a leader in frictionless user authentication, today announced it has been named as a sample vendor in the Gartner “Hype Cycle for Mobile Security, 2016” report. mSIGNIA was named in the Mobile Platform Health Checks and Mobile-Apt User Authentication Methods categories.1

“As mobile becomes the most preferred method to bank, shop and otherwise connect with online services, it is critical to protect against fraud without disrupting the customer experience,” said Paul Miller, CEO of mSIGNIA. “mSIGNIA is grounded in mobile security and identity. Our patented digital biometric technology enables online services to safely and easily recognize returning users so confidence is not sacrificed for convenience.”

Mobile service providers need to find the right balance between security and user experience. Today, many services rely on 2-factor authentication to authenticate users. SMS text messaging, the most-widely used factor, was recently denounced by the National Institute of Standards and Technology (NIST) as an insecure method to authenticate a user’s device, as the message can be easily intercepted or misdirected. mSIGNIA uses an “associated push” method to verify the receiving device based on device indicators as well as the user’s changing data. If no anomalies are detected, the authentication process is invisible to the user.

Earlier this year, mSIGNIA was named as a Cool Vendor in the 2016 Gartner Cool Vendors in UEBA, Fraud Detection and User Authentication report.2

Gartner clients can access the Hype Cycle for Mobile Security, 2016, on gartner.com.

Disclaimer:

Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

1Gartner “Hype Cycle for Mobile Security, 2016” by Dionisio Zumerle and John Girard, 14 July 2016

2Gartner, “Cool Vendors in UEBA, Fraud Detection and User Authentication, 2016” 02 May 2016

3DS 2.0 Expands Card-Not-Present Fraud Protection to Mobile Payments

EMVCo 3DSecure 2.0Fifteen years ago, Verified by Visa was introduced as an additional security layer to protect online merchants, card holders and card issuers against online fraud. Today, each of the major card brands has its own 3D Secure (3DS) solution. While proven effective at reducing card-not-present fraud, 3DS has not been widely adopted by online merchants in the U.S. According to the “Annual Fraud Benchmark Report: North America Edition 2016” from CyberSource, only 23 percent of online merchants surveyed currently use 3DS as a fraud prevention tool.

That same survey also found that when it comes to employing fraud prevention tools, 3DS is the one most considered, with 20 percent planning new 3DS implementations. Why the increased interest? Up until October, merchants may have felt the fraud prevention provided by 3DS did not outweigh the customer inconvenience and possible lost sales. Requiring a cardholder to register a card, remember and enter a password — and/or wait for an SMS message with an authorization code — could lead to increased cart abandonment, with customers choosing to purchase elsewhere. The U.S. introduction of EMV “chip” cards, which are almost impossible to counterfeit, is one of several events causing fraudsters to shift their focus to online vulnerabilities, thus increasing the need for more detection and prevention. You can read more about the overall increase in online fraud here.

3DS may be the best solution to prevent card-not-present fraud on transactions made in an online browser, but what about mobile payments? Consider just a few mobile payment statistics and projections:

  • By November 2016, 42 percent of e-commerce purchases will come from mobile devices. – Bizrate Insights
  • In 2016, 51.8% of travelers who book trips via digital means will do so using a mobile device; in 2017, it will be 59.2 percent. — eMarketer
  • 48 percent prefer paying by phone as opposed to cash or credit card. – Chase survey of 1,500 adults
  •  Almost half of retailers say that (up to) 50 percent of their web sales come directly from purchases consumers made on apps. – Urban Airship (UK)

As more and more payments are made via mobile device — whether in-app, on a mobile website or as a digital wallet —the need to prevent card-not-present fraud extends beyond purchases made using an online browser. That’s why EMVCo was selected in November to advance and manage 3DS 2.0, an effort to expand card-not-present fraud prevention to mobile payments without affecting the user experience.

As a technical associate of EMVCo, mSIGNIA is contributing our experience and technology to help develop 3DS 2.0 specifications to support mobile payment fraud prevention while providing a more intuitive customer experience to encourage adoption. We recently joined payment industry stakeholders in Copenhagen for the EMV Users Meeting and two-day 3DS 2.0 workshop where we reviewed the initial draft of the mobile SDK final specifications. We will be in Shanghai in September to finalize the specifications, which are expected to be made available on a royalty-free basis to industry stakeholders in 4Q16.

The ultimate goal is to develop a safe, effective and user-friendly method to authenticate cardholders and reduce fraud and its related costs on any payment channel. We’ll provide more updates; in the meantime, you can learn more about EMVCo’s work on 3DS 2.0 by visiting their website.

Startups are Hot in Nashville and the Southeast

Greetings from Nashville, aka Music City, the It City, NashVegas — or, as we like to call it, NashValley. When you hear “Southeast” you probably think sweet tea, barbecue and the boys of fall; and you’d be right. But we’re so much more, as evidenced by last week’s 36|86 conference which was held in our […]

The Friday Five — May 27, 2016

36_86_ColorCNPExpo: We came, we discussed, we demo-ed. We even had time to find some news from outside the Loews Royal Pacific Resort and Universal Orlando. Next up, you’ll find us closer to home in Village36 at 36|86South. Hope to see you there!

Don’t get frustrated when it’s time to binge watch previous episodes of OITNB before the new season starts. Authenticate your service and chill. Authentication is key to much online programming

Being from Nashville, we know a thing or two about two-stepping. We also know a thing or two about two-factor. We’ll gladly demonstrate our two-factor moves, but please don’t ask us for dance lessons. Should two-factor authentication let me verify via a single device?

As mobile usage increases, so does the need for authentication solutions. Increase in Online Transactions Predicted to Fuel the Global Advanced Authentication Market Through 2020, Says Technavio

Smile and say “pay.” Will “selfie pay” and other biometric verification methods eventually replace the password? Authentication by ‘selfie’ – Will MasterCard bring a smile to the payments world? How secure is it and how has the market responded

Lots of good info was shared at last week’s CNPExpo. Since not everyone could attend, and some attendees had to leave early, we’re sharing the Day 3 wrap-up. CNPExpo – Day 3 Roundup

mSIGNIA Named by Gartner as a 2016 “Cool Vendor” for UEBA, Fraud Detection and User Authentication

NASHVILLE, Tenn. May 23, 2016 – mSIGNIA, the inventor of digital biometric technology and a leader in frictionless user authentication, today announced it has been named a “Cool Vendor” in the 2016 Gartner Cool Vendors in UEBA, Fraud Detection and User Authentication1 report. According to Gartner, advanced analytics is becoming a widely used mechanism for improvement of fraud detection and identity assurance and provision of adaptive access based on dynamic factors and variables.

“We believe mSIGNIA’s selection as a Cool Vendor establishes that online services and users are ready for an authentication method that does not sacrifice confidence for convenience,” said Paul Miller, CEO of mSIGNIA.

Online service providers, including financial and payment services and e-commerce, face the challenge of preventing fraud without adding friction to the transaction process. By applying dynamic data analysis to learn how data stored on a user’s smartphone is used and changes over time, mSIGNIA creates the user’s digital biometric profile. When deployed as the first method of authentication, the profile can be safely and easily recognized on any device, reducing the need for passwords.

To access the complete 2016 Cool Vendors in UEBA, Fraud Detection and User Authentication report, visit Gartner.com.

Disclaimer:

Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

1Gartner “Cool Vendors in UEBA, Fraud Detection and User Authentication, 2016” by Andrew Walls, Brian Reed, Avivah Litan, Sandy Shen and Craig Lawson, 02 May 2016.

The Friday Five — May 20, 2016

fingerprint-257038_1280We’re heading off to sunny Florida next week for the CNPExpo! If you’re going, stop by Booth #316 and say hi. Or, you can watch from afar as CEO Paul Miller will join in a panel discussion on mobile fraud challenges and CTO George Tuvell will demonstrate our Frictionless 2FA Authentication. Demo attendees will also have a chance to win an Apple Watch. Hope to see you there.

Windows 10 says goodbye to passwords, hello to biometric authentication. Windows 10 authentication options leave passwords behind

The National Cybersecurity Center of Excellence (NCCoE) is working on a project to reduce online retail fraud in the U.S. The goal? To reduce the risk in e-commerce transactions by employing multi-factor authentication using existing web analytics and contextual risk calculation. Cybersecurity experts consider standards for multi-factor authentication in the retail sector

“If an organization doesn’t do anything with the contextual data that mobile devices … provide, that data is useless.” We couldn’t agree more. Mobile apps should rely on contextual data, analytics

If Santa didn’t fulfill your wish list, did you just buy it for yourself online? If so, you helped online sales grow more than 15 percent for Q116. US ecommerce reaches USD 86 bln in Q1 2016

Is banking by biometric better? As mobile banking enrollment increases, there’s a lot of buzz about biometric login. Rise of Mobile Banking Lifts Biometrics Support in New Report

 

Opinion: Online fraud is soaring—is there any stopping it?

code-707069_640The Daily Dot: New technologies are helping to detect online fraud and protect users. CEO Paul Millers says fraudsters can run to online and mobile, but they can’t hide from their own digital biometric. Read more …

The Friday Five — May 13, 2016

friday-820962_1280Happy Friday the 13th! If you’re superstitious, you could try to protect yourself from online fraud by not using your mobile device under a ladder, throwing salt over your shoulder before you make a purchase, or just avoid going online today. Or, you could use unique, strong passwords for each online account and enable multi-factor authentication. It’s up to you. While you’re thinking about that, catch up on this week’s news in authentication, fraud and related topics.

For every action, there is an equal and opposite reaction. In other words, as POS fraud is projected to go down, online fraud is projected to increase. A lot. The balance of preventing fraud while providing a positive user experience continues. Report: Businesses to Lose $7.2 Billion to CNP Fraud by 2020

The bigger the bank, the more patents pending, particularly in areas such as mobile and analytics. Why? Because they can. As J.P. Morgan’s Andy Cadel, general counsel for technology, intellectual property and information security, points out: “If we invent something and we file a patent, that means no one else can patent it. We don’t want to find ourselves locked out of using our own invention.” Big Banks Stake Fintech Claims With Patent Application Surge

Sticks and stones may break your bones, but a stolen identity can really hurt you. Report: Nearly 20% of U.S. Consumers Would Rather Break a Bone than Have Identity Stolen

As more of us choose to purchase online, instead of stand in line, authentication has to change to meet the needs of the merchant and the consumer. The Future of Online Payment Authentication

Watch any “police procedural drama” on TV and you know someone can lift your fingerprint from almost any surface and recreate it. Some people have too much time on their hands. The rest of us need to consider what this means for biometric authentication. Enterprises Must Consider Privacy Concern For Biometrics

mSIGNIA to be visibly present at CNPExpo

CNPExpoFrom an awards nomination to a panel discussion to a demo of our frictionless 2FAauthentication solution, we’ve got this month’s CNPExpo covered!

  • Award Nomination. We’ve been nominated in the new category for Best Identity Verification and Authentication Solution. The award goes to the provider or solution that most effectively authenticates and verifies the identity of cardholders in a card-not-present (CNP) environment through directory services, two-factor authentication, 3DSecure or other means. Two awards will be presented: Judges Choice, selected by a panel of several top retailers and card-not-present industry veterans, and Customer Choice, selected by customers and users of the various products and solutions.
  • We’ll be exhibiting and giving one-on-one demos in Booth #316. Exhibit hall hours are:
    • Tues., May 24: 10 a.m. – 7 p.m.
    • Weds., May 25: 10 a.m. – 4:30 p.m.
  • Panel discussion. CEO Paul Miller will join other industry experts for a panel discussion on the different challenges in mobile fraud. Online mobile payment transactions—both in-app and mobile Web—and associated fraud are on the rise. The panel will discuss how mobile fraud is perceived, how it differs from other forms of CNP fraud, how it affects native apps and mobile websites and how to fight fraud in each channel. Catch Paul and the panel on Weds., May 25 at 4:15 p.m.
  • Demo and Giveaway. CTO George Tuvell will present a demo of our frictionless two-factor authentication solution on Weds., May 25 at 1:20 p.m. He’ll show you how mSIGNIA can reduce fraud and the use of unreliable passwords by applying our patented, privacy-compliant technology that analyzes behavioral data over time to create a user’s digital biometric profile so the user can be recognized across any device. Everyone who attends our demo will be eligible to win an AppleWatch®!

The Friday Five – May 6, 2016

We’re skimming the news on authentication and fraud to give you the info that rises to the top. Here’s this week’s Friday Five:

As online sales fraud goes down, rejected orders are going up. More companies are looking at implementing 3Ds and two-factor phone authentication as fraud prevention techniques. E-retailers cut their fraud rate, but turn away more good customers

If the forecasts by Juniper Research are correct, e-tailers are going to need better fraud prevention as chip and PIN cards drive the bad guys online. Online transaction fraud on rise – study

Are your complex passwords “hiding” on sticky notes around your computer? Or have you just given up and actually use “password” for your password? It’s time to make the password unforgettable. And the Password Is…Password!

Behavioral authentication, digital biometric. Tomato, tomahto. Either way, when it comes to authentication, no one knows you like your smartphone. Behavioral Authentication: Your New Best Friend

To log in or not to log in? When it comes to mobile commerce, the answer isn’t clear. Shoppers are left to weigh the convenience vs disclosing personal information. Should Retailers Require Mobile Shoppers To Log In?

mSIGNIA Receives Patent for Digital Biometrics™

NASHVILLE, Tenn. – May 2, 2016 – mSIGNIA, the inventor of digital biometric technology and a leader in frictionless user authentication, today announced that the United States Patent and Trademark Office has issued US Patent 9,294,448 covering digital biometric technology. This is an extension of mSIGNIA’s previous US Patent 8,817,984 on cryptographic security functions based on anticipated changes in dynamic minutiae.

mSIGNIA’s privacy-compliant technology analyzes a user’s data and how it changes. This user data — such as music, contacts and calendar — is synchronized across the various devices a user may have.  Because user data is independent of a device, it is less a device fingerprint and more a digital biometric that represents the user. A user’s digital biometric can even be verified when the user gets a new device; this combats malicious account takeover which can lead to fraud and an invasion of a user’s privacy.

Verify users with digital biometric technology

“The combination of the data a user amasses and the way their behavior changes that data, is a new and innovative way to recognize the user,” said Paul Miller, CEO of mSIGNIA. “When online services use mSIGNIA’s digital biometric platform as the first method of authentication, it reduces the need for other authentication methods that can disrupt the user experience.”

Financial services companies, ecommerce and online service providers, including corporate IT departments, are switching to multi-factor authentication. Today, that often includes using a device’s serial number or a user’s fingerprint; when these are not available, the online service must revert to awkward login processes like passwords or codes sent via an SMS message. mSIGNIA’s digital biometric provides a reliable, invisible recognition of the user so online services do not have to sacrifice confidence for customer convenience.

About mSIGNIA

mSIGNIA provides safe, customer-friendly authentication using patented data analytics that can recognize a user by their data, or digital biometric, across any device including new devices. The mSIGNIA iDNA platform provides online services with a privacy-compliant digital biometric and sophisticated mobile app security to identify users, recognize devices and reduce fraud, all while improving the customer experience. mSIGNIA is a technical associate of the FIDO Alliance and EMVCo.

The Friday Five — April 29, 2015

Some themes for this week: Will biometrics eventually replace the password? And how do you balance security with a positive user experience?

The conundrum: The user shouldn’t have to go out of their way to get accustomed to complicated new security procedures, but basic knowledge is essential for secure authentication. Surely someone has a solution for this … The Future of Authentication

The influx of new devices integrated with biometric sensors in the connectivity world and the emergence of new applications in the banking sector translates to an increase in overall market value. However, it also means that security concerns continue to increase. ABI Research predicts biometrics market to shift focus on banking, consumer electronics

Biometric technology could … mak(e) life easier for the average user and increase(e) security to offer banks peace of mind. This New Form of Biometric Authentication Might Actually Kill the Written Password

New mobile capture technology is proving extremely useful when it comes to preventing minors from purchasing and accessing age-restricted goods and services. Mobile’s role in ID verification for age-restricted merchants

On one side: having adequate controls in place to prevent transactions that violate U.S. sanctions. On the other side: customers whose innocuous payments are held up or blocked by automated screening that appears discriminatory. Venmo addresses blocked payments

The mSIGNIA Team Is Growing!

Nashville, TN (April 12, 2016) – mSIGNIA announced today recent additions to its team as the user authentication company positions itself for growth.

Thayer Phipps has joined mSIGNIA as vice president of sales. Phipps brings nearly 20 years of sales experience, most recently with Glassbeam, a machine data analytics company. He also has extensive sales experience in fraud solutions for the banking and payments industries. Based in Boston, Phipps is responsible for helping mSIGNIA grow by focusing on the payments, banking and e-commerce industries.

Konstantin Yurchenko Jr. is mSIGNIA’s senior iOS engineer. He has several years of experience building apps for iOS, most recently as a developer and consultant on projects including Pick Six, a sports pool and predictions game app, and Switcharoo, a college parking app. Yurchenko, who holds a Master of Science degree in engineering from the Rochester Institute of Technology, will manage projects and provide leadership to a growing team of developers.

LeAnn Stephenson has been hired as director of marketing. She has more than 20 years of strategic marketing experience in financial services, payments and B2B with companies such as Bank of America and Comdata. Stephenson will drive mSIGNIA’s messaging as well as content strategy and development.

Joel Langlois was most recently hired as a QA lead, performing quality assurance and testing of software development kits (SDK) for iOS, Android and browser. Langlois, a graduate of Belmont University, was most recently a data transformation specialist with Change Healthcare.

“Our team is growing to reflect mSIGNIA’s current and future opportunities,” said Paul Miller, CEO. “Our patented and privacy-compliant, mobile-first solution addresses two concerns – user authentication and customer experience – that are top-of-mind for our target audiences. We are now focused on refining and proving the technology while getting the word out that we offer the best platform to prevent fraud while reducing password dependence.”

We’re in the Zone! The FIDO Alliance Security Tech Zone at TRANSACT 16, that is.

Nashville, TN – April 5, 2016 – mSIGNIA will demonstrate its patented authentication solution in the Fast IDentity Online (FIDO) Alliance Security Tech Zone at TRANSACT 16, a leading payments technology event April 19-21 in Las Vegas. FIDO is spearheading the movement towards reducing reliance on passwords to enhance the user experience and improve security.

“We’rTRANSACT16e looking forward to participating in this event and demonstrating how users can safely and easily transact on any device, without having to remember a password or going through a complicated login procedure,” says Paul Miller, CEO of mSIGNIA. “With iDNA, our patented digital biometric authentication solution, data that a user stores on their smartphone is analyzed over time, not just when it is entered, so that the user is recognized across any of their devices, including new ones.”

The FIDO Alliance is an industry consortium transforming online authentication with standards-based specifications. Its members are committed to sharing technology and to collaborate on delivering open specifications for universal authentication methods that are interoperable, more secure and private, and easier to use. mSIGNIA joined the FIDO Alliance in December 2015.

mSIGNIA Nominated for 2016 CNP Awards!

Nashville, 2016-CNP-Awards-Logo-msigniaTN – March 31, 2016 – mSIGNIA has been nominated for a CardNotPresent (CNP) Award in the Best Identity Verification and Authentication Solution category, a new category for 2016. Nominees in this category represent providers or solutions that most effectively authenticate and verify the identity of cardholders in a CNP environment through directory services, two-factor authentication, 3DSecure or other means.

We are one of more than 60 companies nominated in 12 categories. Winners will be announced at CNP Expo May 23-26 in Orlando. Each category will have two winners: a Judges’ Choice and a Customer Choice. Customer Choice voting is open here until April 1.

CNP Expo is billed as the only conference and exhibition dedicated to the intersection of payment acceptance and e-commerce. It is presented by CardNotPresent.com, an independent voice generating original news, information, education and inspiration for and about the companies and people operating in the card-not-present space.

mSIGNIA’s iDNA Platform honored as Bronze winner at the 2016 Info Security Awards

mSIGNIA Bronze

Nashville, TN – March 1, 2016 – mSIGNIA, Inc. announced today that Info Security Products Guide, the industry’s leading information security research and advisory guide, has named mSIGNIA’s iDNA Platform a Bronze winner of the 2016 Global Excellence Awards® in the New Product and Service Announcement Category. The security industry celebrated its 12th Annual 2016 Global Excellence Awards in San Francisco by honoring excellence in every facet of the industry including products, people behind the successes and best companies.

More than 50 judges from a broad spectrum of industry voices from around the world participated and their average scores determined the 2016 Global Excellence Awards Finalists and Winners. Winners were announced during the awards dinner and presentation on February 29, 2016 in San Francisco attended by the finalists, judges and industry peers.

mSIGNIA offers the market’s best-in-class frictionless mobile authentication and device recognition solution, helping businesses limit risk, reduce fraud and enhance the customer experience within their fastest-growing digital channels.

By combining dynamic contextual authentication and intelligent behavior data analytics, mSIGNIA provides a secure user experience for browser access and mobile apps that protect businesses and end users from account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.

“The Info Security Products Guide’s recognition of mSIGNIA’s iDNA Platform further validates our product as best-in-class and ahead of the curve when it comes to mobile and browser authentication methods,” said mSIGNIA’s CEO, Paul Miller.

 About Info Security Products Guide

Info Security Products Guide plays a vital role in keeping end-users informed of the choices they can make when it comes to protecting their digital resources. It is written expressly for those who are adamant on staying informed of security threats and the preventive measure they can take. You will discover a wealth of information in this guide including tomorrow’s technology today, best deployment scenarios, people and technologies shaping info security and market research reports that facilitate in making the most pertinent security decisions. The Info Security Products Guide Global Excellence Awards recognize and honor excellence in all areas of information security. To learn more, visit www.infosecurityproductsguide.com and stay secured.

About mSIGNIA, Inc.

mSIGNIA, Inc. was started in early 2010 by co-Founders George Tuvell (CTO) and Paul Miller (CEO). mSIGNIA’s founders have led mobile security efforts with groundbreaking start-ups and international vendors such as Symantec, GTE, and Cybertrust. mSIGNIA’s co-founders created a Patent on Contextual Authentication in 2011 – with no prior art related. mSIGNIA is a privately held company. Major investors include Tech Coast Angels and Gold Hill Capital.

Learn more about device authentication: www.msignia.com

mSIGNIA, Inc. Named Finalist in Info Security Products Guide Awards

2016-GEfinalist

Nashville, TN – January 2016 – mSIGNIA, Inc. announced today that Info Security Products Guide, the industry’s leading information security research and advisory guide, has named mSIGNIA, a finalist for the 12th Annual 2016 Global Excellence Awards in the New Product or Service Announcement Category. These prestigious global awards recognize security and IT vendors with advanced, ground-breaking products and solutions that are helping set the bar higher for others in all areas of security and technologies.

The mSIGNIA fraud prevention platform authenticates digital personas and mobile transactions to stop cybercrime. mSIGNIA enables application or service providers to reduce fraud and account takeover by recognizing good vs. bad users based on contextual identity. Its patented technology uses data analytics to provide a zero-friction, two-factor fraud prevention solution for browser logins and a secure TouchID experience for all mobile apps.

“We are proud to be recognized as an industry player whose mSIGNIA have been named finalist by Info Security Products Guide,” says CTO, Paul Miller. “Behind this distinguished success is our relentless drive to stay customer focussed. We believe this recognition from Info Security Products Guide further validates our commitment to our customers and their security needs.” 

About Info Security Products Guide Awards

SVUS Awards organized by Silicon Valley Communications are conferred in 10 annual award programs: The Info Security’s Global Excellence Awards, The IT Industry’s Hot Companies and Best Products Awards, The Golden Bridge Business and Innovation Awards, and Consumer World Awards, CEO World Awards, Customer Sales and Service World Awards, The Globee Fastest Growing Private Companies Awards, Women World Awards, PR World Awards, and Pillar Employee Recognitions World Awards. These premier awards honor organizations of all types and sizes from all over the world including the people, products, performance, PR and marketing. To learn more, visit www.svusawards.com

About mSIGNIA, Inc.

mSIGNIA’s leadership team has over 40 years in combined mobile security knowledge and implementation. They have led numerous, innovative mobile security efforts with start-ups and international vendors such as Symantec, GTE, and Cybertrust.

mSIGNIA offers the market’s best-in-class frictionless mobile authentication and device recognition solution, helping businesses limit risk, reduce fraud and enhance the customer experience within their fastest-growing digital channels. By combining dynamic contextual authentication and intelligent behavior data analytics, mSIGNIA provides a secure user experience for browser access and mobile apps that protect businesses and end users from account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.

For more information please visit www.msignia.com

How Behavioral and Contextual Security Keep Your Mobile Information Safe

By: Paul Miller, CEO of mSIGNIA

The phone has come a long way, from its inception with Alexander Graham Bell to the brick phone in the 80’s all the way to today’s miniature computer. It’s hard to imagine going about our day-to-day activities without today’s mobile devices, especially now that they contain our entire lives: contacts, photos, music, video, health records and personal history, not to mention access to a world of information via the Internet. They are as powerful as a roomful of computers was a generation ago, and as personal as a toothbrush.

As with storing any personal data, there is a certain amount of risk involved if the phone were to be lost or stolen, but if collected and analyzed that precious data can give these devices such a distinct, one-of-a-kind fingerprint that it can actually increase the security of every electronic transaction. When discussing all the different forms of user authentication, the terms “contextual security” or “behavioral security” come into play, but what do they actually mean? Here’s how they relate to one another.

Mobile2

Contextual Security evaluates data from the end user to improve risk decisions. This includes attributes such as, geo-location, device IDs, device fingerprints, time stamps, IP addresses. When a user signs in for a service, this information is compared to previous interactions to evaluate whether this is the legitimate owner or a fraudster.

Behavioral Security has two aspects: user behavior and app behavior. It tracks a user’s typical navigational patterns when visiting a site or using a mobile app, including buying patterns, clicking behavior, swipe patterns etc. These actions are recorded and learned over time and are mapped to returning users to determine normal behavior.

App behavior, on the other hand, observes whether or not the app is behaving normally. If it is suddenly sending text messages to premium rate phone numbers, for instance, a warning flag could go up to alert users of potential fraudulent activity.

Is one method better than the other?
Contextual security is more broadly deployed today, as device ID, fingerprinting and GPS locating are common. Behavioral security is a newer approach that is gaining traction. For optimal protection, both are needed. They compliment each other and provide a better overall view of the risk decision. Sophisticated hybrids of contextual and behavioral security are emerging. “What you have” and “what you do” combine to form a richer set of identifying data to ensure the authenticity of the user by recognizing the device in their hand or pocket.

Everything a user adds to their device, such as contacts, calendar events and music, is constantly changing, and when combined with geo-location sets and usage patterns creates a data behavioral model that is truly as unique as a fingerprint.

Creating a new standard for authentication:
The password used to be the de-facto standard, with some “invisible” secondary factor such as geo-location or device ID recognition added at the back end for good measure. But now, organizations should look to provide as frictionless an experience as possible to the user by authenticating them via these invisible methods, while assuring that they are indeed using a secure service. A rich combination of contextual and behavioral data can recognize users so accurately that no further authentication methods are needed to keep that user and their transactions secure.

Obviously the more data collected about a user, the better organizations are able to recognize them. The distinction at this point needs to be made on being able to recognize the data and the unique patterns it contains, without intruding upon the privacy of the user. For example, an authentication program might know how many contacts or photos one has on a device, but it would not have access to those contacts or photos.

SplitShire-8937

So what do customers need to know to keep their information safe?

1. Safe Environment.
Ensure that endpoints on a system, whether they are a mobile device, tablet or browser, are free of malware, that apps hasn’t been tampered with, and that the operating system is legitimate.

2. Layers of Encryption
Make sure any data that’s being stored, both in the client, on the back end or in transit, is encrypted so that nothing is being stored or transmitted in the clear.

3. Frictionless Authentication
Make sure the device ID is in place, and include contextual and behavioral authentication components, as needed depending on the use case. Frictionless authentication is becoming more and more critical. The user does not wish to be bothered, so the more that can be accomplished behind the scenes the better.

The day is at hand when the smart phone in a user’s pocket will become the gatekeeper to every digital transaction they make, recognizing their unique contextual and behavioral data to validate their identity. In turn these methods will encourage brand loyalty and ensure that end users get the quality mobile experience they demand when conducting transactions online. 

 About the Author:
Paul Miller is a Co-Founder and Chief Executive Officer of mSIGNIA, Inc., a company that uses patent-pending data analytics to validate device, software and user personalization data to protect against fraud, malware and identity theft. Mr. Miller has specialized in mobile and token-based security for the last 17 years. Prior to this, he served in leadership roles for both global companies and start-ups. At $6B Symantec, makers of Norton Internet Security, he served as Managing Director for Mobile Security with global responsibilities for their mobile strategy and business.

mSIGNIA Joins the Fast IDentity Online Alliance (FIDO)

Mobile Security Platform Provider Aligns with FIDO Mission to Advance Authentication Beyond Passwords

NASHVILLE, Tenn., Dec. 17, 2015 FIDOAlliance — Today mSIGNIA announced it has joined the Fast IDentity Online (FIDO®) Alliance to assist the efforts to improve the way the world authenticates online services and eradicates fraud. The FIDO Alliance is an industry consortium transforming online authentication with standards-based specifications. Its members are committed to sharing technology and to collaborate on delivering open specifications for universal authentication methods that are interoperable, more secure and private, and easier to use.

The core ideas driving FIDO were developed to help organizations implement authentication methods beyond traditional password protection. For its part, mSIGNIA provides customers with:

  • Protection against fraud and account takeover: mSIGNIA offers real-time detection of mobile operating system compromise by malware (i.e. jailbreak/root detection), verification to combat malicious rogue apps and elimination of bots from probing Web services.
  • The ability to distinguish customers from criminals: The platform’s patented technology recognizes returning users instantly through contextual enrollment, app-enabled geo-location learning and device recognition for zero-friction user interaction. It leverages over 700 attributes on iOS and Android to identify the user and device, without storing any personal identifying information of the user.
  • Methods to increase application usage and improve revenue: mSIGNIA enables businesses to offer more value-added services to “good” users while markedly reducing “bad” user impact. When the score is good, the user is never bothered.

Paul Miller, CEO, mSIGNIA, said: “With mobile engagement on the rise, the practice of one-time passcodes sent to a mobile phone and fumbled password entry on mobile keyboards is becoming a thing of the past. New methods are needed to prevent fraud and protect good users, and having agreed-upon standards like those that FIDO provides helps in this effort. We look forward to active participation in the Alliance.”

Brett McDowell FIDO Alliance executive director, said: “I am pleased to welcome mSIGNIA as a new Associate Member of the FIDO Alliance. I look forward to seeing what contributions mSIGNIA makes to the thriving ecosystem of FIDO Certified products and how we can combine our collective efforts to deliver a seamless and stronger authentication process to enhance the user experience and eliminate app abandonment, frustration and security instability.”

About mSIGNIA:
Founded in 2010, the mSIGNIA fraud prevention platform authenticates digital personas and mobile transactions to stop cybercrime. mSIGNIA enables application or service providers to reduce fraud and account takeover by recognizing good vs. bad users based on contextual identity. Its patented technology uses data analytics to provide a zero-friction, two-factor fraud prevention solution for browser logins and a secure TouchID experience for all mobile apps. The company is based in Nashville, TN. To learn more, visit: www.mSIGNIA.com

About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliancetm,www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.

Paul Miller on the Evolution of the Mobile Payments Market

Payment Law Advisor | OCTOBER 16, 2015 |

Evolution of the Mobile Payments Market

See Presentation

HERE

mSIGNIA’s iDNA Platform Named Finalist for Leading Industry Award

MobITs_CMYK_Finalist

mSIGNIA Recognized for Innovation in Mobile Security & Privacy

Nashville, TN August 21st, 2015 – mSIGNIA’s iDNA Platform announced today it was named a finalist in the Mobile Security & Privacy of CTIA’s MobITs Awards competition. Enhancing enterprise performance, efficiency and productivity, the MobITs Awards celebrate outstanding achievements in mobile IT solutions through mobile apps and platforms, customer experience, device management, security and privacy and new innovations. Winners will be announced Thursday, September 10 at CTIA Super Mobility 2015 at the Sands Expo in Las Vegas.

iDNA Platform

mSIGNIA’s iDNA™ Platform works by using continuous contextual authentication methods that validate the user based on data and changes within the user’s mobile device. iDNA™ is a single library that supports a range of authentication methods to simplify the app’s use, improve auth and system security and also to maintain existing workflows for developers and websites. –

See more at:

http://ctiait.ctia.org/awards/2015/public/index.cfm/viewEntry/560 – sthash.MHKXxpgt.dpuf

“The thirst for higher and more personalized authentication methods will only become more and more of a necessity as our world becomes more mobile. While the need for more complex and contextual authentication methods are currently the forefront of most development applications, the adherence of authentication from the average user will continue to rise in every aspect of an individual’s mobile identity in the near future,” said Marketing Admin Emily Anderson

“CTIA awards recognize some of the best mobile products and services that leverage, shape and transform our competitive and rapidly evolving mobile industry. These awards are perfectly timed for holiday buying and new year business planning, and CTIA Super Mobility 2015 attendees will have the opportunity to see and experience these innovations first hand,” said CTIA Vice President and Show Director Robert Mesirow.

Dozens of industry experts, reporters and analysts judged and scored hundreds of entries to determine the finalists and winners in CTIA’s annual awards program. CTIA will host the awards ceremony at CTIA Super Mobility 2015 and announce the winners Thursday, September 10 at 2:00 p.m. PT from the Networked Society Stage (Booth 3673) in the Sands Expo.

In addition, the public may vote for their “Crowd Favorite.” Online voting begins now, and onsite text voting begins September 8. “Crowd Favorite” voting ends Thursday, September 10 at 10:00 a.m. PT.

About mSIGNIA: mSIGNIA’s patented and privacy-compliant security platform uses the individual’s encrypted behavior analytics to anticipate the changes that normally occur in a user’s data as they interact with their mobile device.

The result is a frictionless user experience that can allocate for a superior, contextual data based security that passively delivers true end-to-end protection in order to prohibit cyber risks like identity theft and fraud.

mSIGNIA Press Contact: Emily.Anderson@msignia.com

Samsung, Verifone, CA Tech and MasterCard Offer Their Take on Tokens

PYMNTS.COM | JULY 09, 2015

http://www.pymnts.com/in-depth/2015

Apple Explores Ways To Secure, Set Up And Sell iOS Devices While Still In The Box 

TECHCRUNCH | MARCH 25, 2015
http://pulse.me/s/3KkONB

Future Crimes — A Guide To Tech Threats From Hackers, China, Google And Facebook 

FORBES: TECH | MARCH 20, 2015
http://pulse.me/s/3IM3H8