iDNA Merchant Solution Enhances EMVCo 3D-Secure Online Payment Experience and Security

NASHVILLE, Tenn. – 20 March 2018 – mSIGNIA, the leader in analytical authentication and inventor of Digital Biometrics, announces the iDNA Merchant Solution for EMVCo 3DS.  The iDNA platform is designed specifically so Merchants can easily support and enhance EMVCo’s 3DS version 2.1 specifications for secure online payment.

The ‘big new’ in 3DS-2 is mobile payments; the ‘big fix’ is a frictionless consumer experience. mSIGNIA was the first to release an iOS and Android mobile security SDK.  mSIGNIA’s designed-for-mobile SDK is invisible to the user, privacy compliant, conserves battery and reduces network traffic.  The 6thgeneration mSIGNIA SDK for iOS, Android and browsers is a ‘universal’ SDK (uSDK); enabling:

  • Merchants to integrate a single SDK in their mobile apps and website which supports EMVCo 3DS compliant payment networks and issuing banks
  • Issuing banks to register their risk-based authentication data requirements with the Merchant’s app so challenges are diminished, and more transactions are approved on the initial request

“mSIGNIA’s iDNA 3DS-2 solution was designed to nearly eliminate the need for merchants to challenge the consumer, a chief cause of transaction abandonment.  Two payment networks have already licensed mSIGNIA’s EMVCo 3DS solution to ensure an easy buying experience and reliable data access for their issuing banks,” said Paul Miller, CEO for mSIGNIA. “mSIGNIA’s ‘gateway’ design enables these features to be added to any compliant EMVCo 3DS merchant deployment.”

The iDNA Merchant Solution offers mSIGNIA’s patented security solutions as micro web services which merchants and other 3DS vendors can license to enhance 3DS-2 payments, including:

  • A 3DS Hybrid solution supports both 3DS v1 and v2 to accept more transactions
  • Payment Network selection allows a merchant to select the optimal pay rail for each transaction
  • App Point Protection protects eCommerce servers by detecting mobile malware risks to the OS and the merchant’s app
  • Digital Biometrics for two-factor authentication, analyzing over 1000 anonymized data signals
  • Associated Push replaces SMS OTP challenges for easier, safer risk-based authentication

mSIGNIA is recognized as a leader in mobile payment security, elected as a technical advisor to the EMVCo board and participating in EMVCo 3DS Early Adopter compliancy testing; the iDNA uSDK and 3DS Server will be certified compliant when certifications become available.

Merchants and 3DS vendors can contact mSIGNIA today at sales@mSIGNIA.comto arrange a demo of mSIGNIA’s iDNA merchant solution including its patented enhancements to EMVCo 3DS.

Learn More.

mSIGNIA, Inc. Announces Patent Office Victory in Continued Patent Enforcement Efforts Against American Express® Company Subsidiary InAuth, Inc.

FRANKLIN, Tenn., May 15, 2018 — mSIGNIA, Inc., a leader in analytical authentication and inventor of Digital Biometrics, announced today that it obtained a milestone victory in its continued patent enforcement campaign against American Express Company (NYS: AXP) subsidiary InAuth, Inc.

On May 10, 2018, the Patent Trial and Appeal Board rejected InAuth’s attack on one of mSIGNIA’s key patents, U.S. Patent No. 9,559,852 (the “’852 Patent”).  The PTAB’s decision will result in mSIGNIA’s patent enforcement action in the United States District Court for the Central District of California, filed November 10, 2017, continuing on schedule.  That enforcement action is set for trial in February 2019.  In the enforcement action, mSIGNIA seeks damages for any of InAuth’s past infringement and an injunction against American Express’s future use of any authentication technology covered by the ‘852 Patent.  The ‘852 Patent pertains to methods for identifying a device (such as a smartphone) or its user by using data found on the device and anticipating changes in that data.

“Frictionless mobile authentication is fundamental to the future of cyber security.  It is important mSIGNIA protect shareholder value and defend the market advantage our intellectual property provides our licensed customers.  We look forward to our day in Court and intend to protect mSIGNIA’s patents including by seeking appropriate injunctions as necessary,” stated Paul Miller, CEO of mSIGNIA.  mSIGNIA is represented in U.S. District Court and the Patent Trial and Appeal Board by Kenneth G. Parker and Thomas King of Haynes and Boone, LLP.

Learn More.

mSIGNIA Elected as EMVCo Board Advisor

FRANKLIN, Tenn., January 15, 2018 — mSIGNIA, Inc., the leader in analytical authentication and inventor of Digital Biometrics, announced today that technical associate members of EMVCo elected mSIGNIA to be a representative to the EMVCo board of directors.  EMVCo’s board of directors is comprised of leaders from six global payment network companies:  American Express®, Discover®, JCB®, Mastercard®, UnionPay®and Visa®.

mSIGNIA joined EMVCo as a Technical Associate in December 2015 to aid in the design of EMV 3DS, the global security standard for online payments.  Several elements of the EMV 3DS final specification were direct results of mSIGNIA’s expertise in mobile security.  mSIGNIA’s EMV 3DS SDK for browsers, iOS®, and Android®and mSIGNIA’s 3DS Server for merchants were part of EMVCo’s Early Adopter testing program where leading EMVCo technical associates provided the first products for compliance testing validation.

In just a couple of years, EMVCo Technical Associates recognized mSIGNIA’s efforts, dedication, and leadership with their appointment to the board as one of their representatives. “3DS provides a frictionless user experience and secure online payments,” said Paul Miller, CEO of mSIGNIA, “mSIGNIA is proud to be part of the EMV 3DS effort and excited on continuing efforts within EMVCo.”

mSIGNIA offers several EMV 3DS products including a ‘universal’ SDK which increases the number of transactions approved, a complete EMV 3DS Server merchant solution enhanced with many microservices that are designed first for mobile and always for privacy.  Already, two of EMVCo’s board member companies have licensed mSIGNIA’s 3DS SDK for use within their EMV 3DS rollouts.

Learn More.

PYMNTS Ranks mSIGNIA #3 in Device Intelligence Solutions

“The company’s software helps businesses limit risk, reduce fraud and enhance customer experiences within fastest-growing digital channels.”

NASHVILLE, Tenn. – The March 2018 edition of the Digital Identity Tracker™ by PYMNTS has ranked mSIGNIA #3 overall in Device Intelligence for digital identity solutions.

PYMNTS defines this category as the device fingerprint, IP geolocation, true app and device emulator features that a provider offers.

Over 150 Companies are featured in the Digital Identity Tracker. Companies are evaluated based on four primary criteria, including: Consumer Data, Device Intelligence, Transaction Behavior and MFA (Multi-factor Authentication).

The March edition from PYMNTS looks at how identification solutions are being evaluated by government agencies and workplaces around the world.

mSIGNIA is honored to be regarded so highly in the always evolving digital identity space.

Read the full report published by PYMNTS.

mSIGNIA Named Finalist in The 8th Annual Nashville Technology Council Awards

NTC AwardsIt’s an honor to be nominated! We are pleased to announce that mSIGNIA has been named a Growth Stage finalist in the 8th Annual Nashville Technology Council Awards. Winners will be announced on January 26, 2017. Stay tuned.

What’s all the buzz about biometrics?

biometrics, payments, authentication

Mobile Payments with Biometric ID System

How many times have we heard that the password is going away as a means of authentication? Users like simple passwords that aren’t secure, and for convenience sake, the same password is often used for multiple online services. This practice, combined with how easily passwords can be hacked, make online accounts vulnerable. Two-factor authentication is more secure but the National Institute of Standards and Technology (NIST) has said that security concerns around deliverability suggest it is time to move away from SMS text messages, the most widely-used factor.

Lately there’s been a lot of buzz around using biometrics for authentication, often as a second factor, along with a password or PIN. Let’s take a look at the different types of biometrics, as well as the issues around each.

Physical biometrics
When you hear “biometric,” the first thing you probably think of is a physical biometric such as a fingerprint or eye scan. Physical biometrics don’t have to be remembered, and they have been proven to have a high degree of reliability, but they do require effort on the user’s part. In addition, not every mobile device has a scanner; users have expressed concerns about the ability to access accounts if the technology malfunctions, as well as security concerns over having their fingerprints stored. A password can be reset; a fingerprint cannot. And despite the issues associated with passwords, a recent Yougov study revealed that 58% of Americans prefer them over physical biometric authentication methods. With this sentiment, a good deal of education and reassurance may be needed before this method becomes widespread.

Behavioral biometrics.
Behavioral authentication looks at how a person moves or interacts with their devices. Each user has a unique way they strike keys, use a mouse, walk and talk, and those patterns can be used as an authentication method. Behavioral biometrics can be simple and cost-effective to implement and use. There are drawbacks, however; a user’s keying and mouse movements may be consistent on a desktop or laptop, but may vary depending on when and how they are using a mobile device. A cold, a bad connection and background noise are a few factors that can affect voice recognition.

Social biometrics.
Social biometrics is a trademarked term for a patented solution from Socure. As the name implies, the basis for identity verification is a user’s social networks combined with other trusted online and offline data. Most users are probably aware that they are giving up some privacy when they post on social media, and many sign into other online accounts using their social media credentials, but they often send mixed signals as to how they feel about it. According to a Pew Research report on how Americans feel about privacy, 67 percent of adults have little to no confidence that their activity on social media sites will remain private and secure. In addition, 86 percent of internet users have taken simple steps such as avoiding certain apps or changing their privacy settings on social media to cover their digital tracks, and many say they would like to do more.

It is unclear if users have these same attitudes when it comes to using their information from social networks to verify their identity; that may depend on the user experience.

Digital biometrics.
Digital biometrics is our patented, privacy-compliant method of authentication that uses personalized data on a user’s smart phone. We continuously analyze this data — how it is used and how it changes over time — to create a digital biometric profile that represents the user, not just the mobile device. This digital biometric profile can be recognized across any registered device, even new ones. This combats malicious account takeover which can lead to fraud and an invasion of a user’s privacy. Speaking of privacy, the information we access to create the digital biometric profile is anonymized. We know what information is associated with a user, but not the user’s name or any other private information. Private user data is not stored on our servers so it is not vulnerable to data breaches. This method of authentication is secure and requires little, if any, effort on the part of the user.

As for ensuring the user really is who they say they are, user behavior is only one of six scoring aspects. Other aspects include: device recognition, network verification, software analysis, user secrets/biometrics and geolocation. Deviations in data or change will be immediately detected. And while it is possible for a hacker to steal a user’s anonymized data, create a hardware/network/software environment equivalent to the actual user, and behave as the user does, it is highly unlikely.

In testing using digital biometrics for authentication, we found a 93.8 percent recognition rate of returning users. Perhaps more importantly, impostors were recognized 99.1 percent of the time, reducing the risk of fraud.

While other biometric methods may have their disadvantages, digital biometrics is an authentication method that is secure, reliable and user-friendly.

Want to see Digital Biometrics in action? Request a demo!

On the Radar: mSIGNIA iDNA establishes identity using a digital biometric approach

web_ovum_4c2xIntroduction

With its data-based biometric approach, mSIGNIA iDNA analyzes the data users add and generate on their mobile devices and the way their behavior changes that data to verify the individual. Read more and get the report here.

Authentication that combines security with convenience? The time has come for Digital Biometrics!

Money2020 #628The password has been on life support for years. Two-factor authentication with SMS OTP has been proven safer, but just as it was gaining traction, NIST stated it was unsafe and should not be used. Physical biometrics is getting a lot of buzz, but not every device can read a fingerprint or eye scan; and consumers have expressed concerns over storage of this very personal data. Even the chief of the UK’s Treasury Select Committee has asked bank regulators to consider what happens when biometric data is stolen.

With card-not-present fraud on the rise and more transactions taking place via mobile device, it’s time for an authentication method that not only reliably authenticates users — reducing risk and potential fraud — but also protects users’ privacy without disrupting the customer experience. That’s why we’re excited to demo our iDNA authentication platform at Money2020 in Las Vegas, Oct. 23-26.

At the heart of iDNA is our patented Digital Biometrics technology which studies up to 900 attributes to recognize users based on the personalized data on their mobile device. By learning how the data changes based on usage, we can create an anonymized profile that represents the user, not just the device. This means the user can be safely recognized on any device – even new ones.

How do Digital Biometrics compare to existing methods, as well as other emerging technologies? For online services, it is more reliable. Since the user is recognized based on data from their mobile device, online services don’t have to be concerned about whether a password has been stolen, a fingerprint has been lifted or if an online image has been copied from a social media site. While it is possible for a hacker to steal all of a user’s data, creating a hardware/network/software environment equivalent to the actual user and behaving as the user does is highly unlikely.

For users, it is more secure and convenient. They, too, do not have to worry about passwords being stolen; they also don’t have to remember a complicated password or try to key it in to their mobile device. Digital Biometrics uses anonymized data analytics, so no private information is at risk.

We realize there is no one perfect authentication method which is why we believe iDNA with Digital Biometrics is the best “first layer” in a risk-based authentication environment. Our SDK integrates well with existing solutions. If a user can be safely recognized at launch, no further action is required. In the event suspicious activity is detected, a second layer — such as a PIN or physical biometric — can be deployed.

We invite you to stop by Booth #628 at Money2020 and see how we’re bringing security and usability together for an innovative authentication method whose time has come. If you’d like to schedule a time to meet with us at Money2020, or want to see a demo in advance, contact us today!

3D Secure 2.0 SDK Delivers Easier, More Secure Mobile Payments

NASHVILLE, Tenn. – October 4, 2016 – mSIGNIA, an EMVCo Technical Associate, today announced its 3D Secure 2.0 software development kit (SDK) which meets EMVCo’s draft specifications to make mobile payments more secure without disrupting the customer experience. mSIGNIA developed — and is currently testing — its 3DS 2.0 SDK in cooperation with an EMVCo member organization.

During last week’s EMVCo User Meeting in Shanghai, mSIGNIA CTO George Tuvell met with a number of representatives of 3DS providers, payment networks and card issuers. “Many of them saw the advantages of working with mSIGNIA over developing their own product,” said Tuvell. As a result, negotiations are underway to begin testing with several partners, including at least one other payment network.

Development of the 3DS 2.0 SDK began after the EMVCo User meeting in Copenhagen this summer. “That’s when we realized that while there are hundreds of SDK vendors, very few were ready to develop a solution that would work on mobile devices,” said Paul Miller, CEO of mSIGNIA. “mSIGNIA is grounded in mobile security and identity, we understand EMVCo’s technical specifications and we know that the only solution that will be widely adopted is one that not only reduces fraud, but also reduces the friction associated with the current 3DS protocol.”

While the current 3DS version reduces fraud for online card-not-present (CNP) transactions, it has not been widely adopted in the U.S. because related customer friction at checkout can lead to cart abandonment and lost sales. In addition, 3DS today does not support payments made via mobile device, including in-app and mobile website purchases, and digital wallets. The need to extend CNP fraud prevention to the mobile environment is critical as it has been projected that by 2020, mobile commerce will make up nearly half of total ecommerce transactions.

mSIGNIA’s 3DS 2.0 SDK is optimized for resource-constrained devices and analyzes additional data points for increased security. The SDK will enable issuers and 3D Secure providers to quickly, easily and cost-effectively integrate the mobile specifications into their own applications in time for the 2017 rollout of 3DS 2.0.

Learn More.

Nóng hō, Shanghai and 3DS 2.0

EMVCo 3D Secure 2.0Next week, we’re in Shanghai along with other EMVCo Technical Associates, member organizations, issuers and others who have a strong interest in reducing card-not-present fraud and the user friction often associated with online and mobile transactions. The new version of 3D Secure aims to accomplish this with security enhancements and an emphasis on risk-based authentication that can support a frictionless user experience.

While EMVCo will make the new specifications available on a royalty-free basis for anyone to download, it is not their role to develop and distribute an SDK that meets the specifications; it is up to each 3DS provider to develop an SDK per each card issuer’s specifications.

mSIGNIA has developed a 3DS 2.0 SDK that is currently being tested with a major issuer and EMVCo member organization. Our company is grounded in mobile identity and security, so we have applied our mobile expertise to develop specifications that will reduce fraud and user friction on mobile devices and digital wallets. A derivative of our patented iDNA Digital Biometric platform, our SDK for 3DS providers:

  • Meets EMVCo specifications;
  • Is optimized for resource-constrained devices; and
  • Analyzes additional data points for increased security.

Our SDK is available to all 3DS providers who are looking for a solution that is cost-effective, easy to implement and can go live in just a few weeks. mSIGNIA will keep the SDK up-to-date so you don’t have to worry about dedicating resources to ongoing OS updates. If you’re wondering why you should buy an SDK instead of building your own, we have some of the answers.

We are scheduling meetings in Shanghai and by webinar to demonstrate how our SDK works and how it can easily integrate into your ACS. If you’re interested, request a demo today and indicate whether you will be in Shanghai or prefer a demo via webinar.