WHAT IS mSIGNIA’s PATENTED DIGITAL BIOMETRIC?
mSIGNIA invented and patented using data analytics to ID a user and their device by anticipating the way a user’s data – their Digital Biometric – naturally changes according to their behavior. mSIGNIA’s Digital Biometric patent has been validated in a US legal court of law, so only mSIGNIA can provide analytical authentication of the device and user by anticipating how data might change. Digital Biometrics enables a multi-factor, risk-based authentication that is invisible for the user so Merchants, Banks or any website can reliably identify their customers without forcing users to enter a password.
Why is EMV 3DS So Important?
EMVCo is the payment industry’s standards body responsible for securing in-person payments using a chipcard and online payments using 3DS. The ‘big new’ in in the 2ndversion of 3DS is mobile payments; the ‘big fix’ is a frictionless consumer experience.
mSIGNIA joined EMVCo in 2015 to help create the 3DS version 2 specification and was elected by other Technical Associates two years later to act as a technical advisor to the EMVCo Board, which includes American Express®, Discover®, JCB®, Mastercard®, UnionPay®and Visa®.
mSIGNIA was the first security company to release an iOS and Android mobile security SDK; as such mSIGNIA’s SDK and products were part of the initial EMV 3DS compliancy tests. mSIGNIA’s 6thgeneration SDK for iOS, Android and browsers is an EMVCo certified ‘universal’ SDK (uSDK); enabling:
- Merchants to integrate a single SDK into their website, iOS app or Android app and support the data requirements of nearly any EMVCo compliant issuing bank’s risk-engine
- Issuing Banks to register their risk-based authentication data requirements including device cookies and data tags with the Merchant’s app so they have the required data for risk scoring on the initial exchange
mSIGNIA’s iDNA enhancements to EMV 3DS leverage: ① mobile-first design, ② enhanced data collection during the initial payment request. and ③ risk scoring using patented machine-learning methods to accept more transactions, virtually eliminating the need for challenging the consumer and all while designed for consumer privacy.
Both Merchants and Issuing Banks can use mSIGNIA’s microservices to enhance the EMV 3DS security and user experience, including:
With Mobile App Point Protection, both the merchant and banking apps can be verified though mSIGNIA’s mConfig Manager or Associated Push, respectively.
mSIGNIA’s multi-factor, risk-based authentication can score on 4X the EMV 3DS standard data to improve reliability and even recognize a user on a new device to combat account takeover. Associated Push leverages the bank’s mobile app to improve user experience and increase consumer value for the banking app.
How Can Privacy and Identity Coexist?
With mobile apps, users are given the opportunity individually approve the permissions an app requests to access data. While mSIGNIA recommends certain permissions because their data improves security (i.e. geolocation and identifiers), mSIGNIA does not itself request permissions nor do we require an app developer to request certain permissions. mSIGNIA’s risk engine has a sophisticated scoring algorithm which allows for requested data and accounts for users that decline data access.
To augment data, mSIGNIA’s Associated Push enables trusted organizations who often perform risk scoring, like banks, to combine data they can collect from their app to the data from a merchant app, for example. Banking apps can often access more data than merchant apps because they request more permissions and user’s deny access less to aid in financial security.
mSIGNIA’s multi-party, remotely configurable uSDK enables merchants and banks to control which data is collected and passed according to international privacy laws and ecosystem rules. The uSDK is also designed to limit the number of off-device, third-party connections a mobile app initiates to control data exposure.
Even after a user gives their consent for a mobile app to access their data, mSIGNIA’s products take great care to anonymize any personal identifiable data allowable before it is sent off the device through various fuzzing and hashing techniques. These techniques ensure PII is not stored on web servers and the anonymization of identifiers prevents multiple web services from colluding to create a cross-indexing a user or their device.
What Makes Mobile-First Design Different?
Everybody is now talking mobile-first; mSIGNIA’s founders have specialized in mobile security since 1999. Since then, they have led mobile security efforts worldwide for Symantec, GTE, Gemalto, and various start-ups. Mobile was a game changer: the device was so personal it literally put you online. No longer did a user have to go to a PC and login; users are now always connected, and the physical and digital worlds now intermix.
mSIGNIA was founded because mobile changed the rules and conventions; yet security efforts did not. mSIGNIA was the first security company to provide iOS and Android libraries that get integrated into an app. This provides security from within and allows access to data that personalizes the experience for the user. It is this rich set of data that mSIGNIA uses in its patented Digital Biometrics. Data that identifies a user and their device; data that changes according to a user’s behavior. Data that makes it nearly impossible for someone to steal your identity. For even if they steal your data, the stolen copy of data will not change according to your behavior.
mSIGNIA’s invention of analytical authentication is an awesome responsibility. It requires care in maintaining privacy, conservation of mobile resources like power and network usage, use of app and OS capabilities like permissions and push, and mobile’s no-user-effort-is-the-best-user-experience interface.
In brief, it requires a mobile-first design; it requires the experience of mSIGNIA.