New authentication methods: biometrics & eSigning as standards
When offering digital services, it is common for companies to create platforms or private websites requiring customer registration.
Digital authentication technologies are the gateway to these services and enable remote user identification.
As there are several different user authentication methods on the market, choosing between one or the other is an important decision that must consider both data security and ease of use for customers and employees. But what is an authentication method, and which one is the best for each use case?
In this post, we explain the advanced digital authentication methods and the most secure customer authentication methods so that you can choose the best solution for your company.
What is digital authentication?
Digital identity authentication, or digital authentication, by definition, is an electronic process that enables a natural or legal person to identify themselves and verifies data integrity. Prior to authentication, the customer must register in the system (customer onboarding process), which requires the company to verify the customer's identity.
Digitalisation advances have meant that processes which previously required sending documents or being in person at an office can now be carried out entirely remotely. Our VideoID technology is a clear example of this system, as it allows the onboarding of customers remotely and in just a few seconds through an automatic process equivalent to face-to-face.
Read more in the article VideoID, the new standard in remote video identification.
Once registered in the system, the user will be able to access the system by proving their digital identity. Whichever online identity authentication methods are used, the platform will have one or more of these factors:
- Something that the user knows and only the user should know (passwords, security phrases).
- Something that the user has (a token device or a card containing an electronic signature).
- Something the user is (biometric traits).
The two-factor security authentication method is typically used in services that handle sensitive data, such as financial services or e-commerce. The username and password are used as the first level of identification to access the platform, be it e-commerce, a bank or an insurance company.
When carrying out a transaction (for example, a purchase or a transfer), a second identification factor, including facial recognition or numerical authentication methods, such as one-time keys, will be required. These are two of the options offered by our Electronic Signature solution (simple, advanced or qualified).
Biometric user authentication systems
Biometric authentication methods rely on detecting a person’s unique traits and comparing them with a previous record to confirm identity.
It is tempting to choose a single biometric user authentication system that is valid for all businesses. Still, the truth is that each company must select the one that suits them best by analysing the pros and cons of each.
In any case, the choice can be made based on these criteria and always assuming that you are dealing with reliable providers:
- Flexibility: The different contact points between the customer and the company may require several different authentication methods. There is no need to offer every system on the market, only as many as are needed.
- Ease of use: The solution must be accessible and intuitive for all users, both customers and the professionals in charge of its development and supervision.
- Integration: The chosen service must be compatible with the company’s platform through an API that is easy to implement. It must also facilitate the automation of processes before and after authentication.
Voice recognition
Voice recognition is based on the identification of the voiceprint, which is unique to each human being. This uniqueness can result from the physiological parameters of individuals (length of the vocal cords, shape of the oral cavity, position of the teeth) forming a unique set that generates a specific and isolable sound wave.
When it is possible to use voice biometrics in an enclosed environment with complete silence, it is very convenient. As a customer authentication method, it is a very secure system, but recognition can be affected by background noise or speech problems.
Fingerprint
Fingerprint identification is the most established of the biometric methods of authentication. As with voice and face, fingerprints form unique and recognisable patterns.
An increasing number of mobile phones have integrated scanners for fingerprint identification. However, the technology is not yet as widespread in computers and other devices, although we can see it being included more and more.
Facial authentication
Facial authentication refers to the technology capable of identifying or verifying a subject through an image, video, or any audio-visual element of their face. Generally, this biometric authentication system is used to access an application, system, or service and works like a face scanner.
This digital authentication method uses face and head measures to verify a person's identity through facial patterns and data. The technology of this facial user authentication system collects a set of unique biometric data of each person associated with their face and facial expression to authenticate them.
Facial authentication methods
The face identifier procedure requires any device with digital photographic technology to generate and obtain images and data necessary to create and record a biometric facial pattern of a person that needs to be identified.
Facial authentication is one of the best authentication methods, as it has several advantages, such as:
- The fastest process: allows for a quick and smooth remote digital authentication.
- User experience: facial API authentication methods offer a unique, smooth, and fast user experience, avoiding the need for time-consuming office visits or video conferences and waiting times.
- Security: like fingerprints or voice, each face is unique and has inimitable characteristics. Facial user authentication systems use algorithms to compare data and liveness through facial traits and expressions.
- Compliance: Facial authentication through VideoID is the only method recognised as a standard for remote identity proofing for high-risk operations (for instance, opening bank accounts or signing contracts).
Video identification is the only process recognised by eIDAS to enable remote customer onboarding and is used both in the financial services sector and in some government institutions. Other forms of facial recognition, such as the selfie, are not as secure because a static image is more susceptible to spoofing or impersonation.
E-signing as a user authentication system
The electronic signature is one of the best authentication methods known and has the advantage of being used in all types of transactions, both with a private company and in procedures with public administration. Digital signature authentication provides a user with a mechanism for identification equivalent to face-to-face identity verification and allows them to sign contracts or make requests.
An electronic signature is a data set that can be used to identify the signatory. The eIDAS Regulation specifies three types of signatures according to the degree of confidence in the identification of the user: simple, advanced and qualified. Each has its specific uses.
Simple Electronic Signature
Of the three types of electronic signature, the Simple Electronic Signature is the easiest to acquire but also offers a lower degree of trust regarding whether the user is who they claim to be. The eIDAS Regulation provides a basis on which its legal admissibility cannot be denied.
Advanced Electronic Signature
An Advanced Electronic Signature makes it possible to identify the signatory and detect any subsequent changes to the signed data.
According to eIDAS, an Advanced Electronic Signature fulfils the following requirements:
- It is uniquely linked to the signatory.
- It allows the signatory to be identified.
- It has a high level of trust because it is under the signatory’s exclusive control.
- It is linked to the signed data so that any subsequent modification of the signed data can be detected.
Qualified Electronic Signature
The Qualified Electronic Signature provides the highest level of security of the three, and its legal value is equivalent to that of a handwritten signature.
Signicat's QES Multi solution follows all digital signature and authentication protocols set by eIDAS and AML and identifies customers in one single flow that takes seconds.
Authentication vs authorisation
Although authentication and authorisation are often used interchangeably, they are not the same. They are different processes, and both mainly protect a company or organisation from cyberattacks and fraud. Simply put:
Authentication is the process of confirming a user is who they say they are.
Authorisation is the process of giving those users permission to access resources or products.
They usually come one after the other since the authorisation of a client is granted after authenticating them. However, authentication does not always result in granting access. A client can be authenticated and then not authorised, given the circumstances.
We can see a quick overview of the differences:
| Authentication | Authorisation |
| --- | --- |
| Proves the user is who they say they are. | Determines what resources users can or cannot access. |
| Challenges the user to validate credentials (OTP, facial recognition, fingerprints). | Verifies if access is allowed through the company’s rules and policies. |
| Usually performed before authorisation. | Usually performed after correct authentication. |
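The split between the two processes, together with the second factor required for transactions described earlier, can be shown in a short sketch. This is an added example, not Signicat code: the user store, role names, policy table and function names are all constructed for illustration, and the one-time key is a counter-based code (RFC 4226).

```python
import hashlib, hmac, secrets, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time key per RFC 4226: HMAC-SHA1 of the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

USERS = {}  # constructed in-memory user store (hypothetical)

def register(name: str, password: str, role: str) -> None:
    salt = secrets.token_bytes(16)
    USERS[name] = {"salt": salt, "pw": _pw_hash(password, salt), "role": role,
                   "otp_secret": secrets.token_bytes(20), "counter": 0}

def authenticate(name: str, password: str, otp=None) -> frozenset:
    """Authentication: return the factors the caller has proven ("knows", "has")."""
    user = USERS.get(name)
    if user is None or not hmac.compare_digest(_pw_hash(password, user["salt"]), user["pw"]):
        return frozenset()
    proven = {"knows"}
    expected = hotp(user["otp_secret"], user["counter"])
    if otp is not None and hmac.compare_digest(otp.encode(), expected.encode()):
        user["counter"] += 1  # a one-time key is accepted once only
        proven.add("has")
    return frozenset(proven)

# Authorisation policy (constructed): action -> (roles allowed, factors required)
POLICY = {
    "view_balance": ({"customer", "auditor"}, {"knows"}),
    "transfer": ({"customer"}, {"knows", "has"}),
}

def authorise(name: str, proven: frozenset, action: str) -> str:
    """Authorisation: decide what an already-authenticated user may do."""
    if not proven:
        return "deny: not authenticated"
    roles, required = POLICY[action]
    if USERS[name]["role"] not in roles:
        return "deny: role not permitted"
    if not required <= proven:
        return "step-up: second factor required"
    return "allow"
```

A user who proves both factors can still be refused: an `auditor` account that passes `authenticate` with a valid one-time key gets `deny: role not permitted` for `transfer`.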
Signicat, digital authentication solutions
ID Documents and Biometric verification
Step up your global onboarding process with optimal, automated and compliant identity verification with Signicat’s VideoID: identity document and biometric verification based on streaming video. All accessible through a single point of integration. VideoID’s artificial intelligence algorithm not only performs user identification and digital ID authentication but also reduces the process time to minutes, preventing fraud in real time.
Secure login with user authentication
An easy and secure login is the key to a smooth customer journey. Get multi-factor login with electronic IDs, biometric scanning, SMS/email OTP and in-app solutions. Meet all requirements for compliance, and improve UX while you're at it.
At Signicat, we are at the forefront of strong digital authentication methods. If you want to protect your users while improving your conversion rate, request a meeting with our team of experts, who will advise you, without obligation, on which API authentication methods are best for your use case and your business.