Prevent Fraud and Account Takeovers with Signicat's MobileID Face Authentication
In today's digital landscape, safeguarding mobile applications against fraud and account takeovers is crucial. Signicat has introduced a cutting-edge feature within their MobileID solution: Face Authentication.
This advanced technology provides robust security while ensuring a seamless user experience. We interviewed Simone Andersson, Product Manager for Mobile Identity, and Johan Sörmling, Tribe Lead Mobile Identity at Signicat, to explore the benefits and functionality of this new feature and how it revolutionizes mobile authentication.
Q: Please, present MobileID and how it helps our customers
A: MobileID is Signicat’s Strong Customer Authentication product that helps our customers authenticate their end-users in a very user-friendly way without context switching from app to app. It offers unparalleled security and a best-in-class user experience with an amazing success rate of over 96%. MobileID enables our customers to have full control over the user journey, building their own identity rather than relying on other identity suppliers. By doing so, we help our customers boost conversion and success rates, driving engagement up to social media levels.
Q: So now... we have a new feature in MobileID called "Face Authentication". Can you please explain this new feature in a few lines?
A: Face Authentication is a new device-agnostic authentication method within MobileID. Once activated, it can be performed on any device, verifying that the right user is present during any operation. It can be used as a step-up authentication for high-risk transactions or when recovering MobileID credentials to a new device or adding a second device. It effectively prevents phishing and account takeover attacks.
Q: How is it different from the biometric authentication of FaceID?
A: FaceID and other biometric methods present on devices are considered device-native biometrics, where the data is stored on the device, and the user needs that specific device to perform biometric authentication. In contrast, Face Authentication gathers the biometric data on the device, but the data is sent encrypted and matched on the MobileID backend, allowing it to be used from any device.
Q: What types of fraud is it preventing today?
A: Face Authentication effectively prevents and stops phishing attacks where users are tricked into performing authentications that fraudsters use to add new devices, as well as account-takeover attacks. With Face Authentication, we can verify that the specific user who onboarded to MobileID is performing the operations, preventing fraudsters from adding devices. It can also be used as step-up authentication for transactions marked as high-risk, providing an extra layer of security for those specific transactions.
Q: How did you come up with the idea of "Face Authentication"?
A: The idea was customer-driven. We had customers struggling with fraud during the onboarding phase, needing to verify that the right user was performing operations such as adding a new or second device. Adding a server-side biometric authentication component provided a strong mitigation to this attack, leading us to investigate and integrate this feature into MobileID.
Q: How is Face Authentication adding a "more secure" layer to the authentication and approval processes?
A: By offering a new authentication method on top of an already multi-factor product, Face Authentication can be used for authorizing transactions and operations and verifying that the user who onboarded to the service is indeed the one performing these actions.
Q: Who might benefit from Face Authentication? Is it only for companies from regulated sectors or can it be any organization?
A: Any organization that needs to identify their end-users remotely and with strong authentication can benefit from Face Authentication and MobileID. It is a true omni-channel authentication product that offers unmatched user experience without compromising on security.
Q: With which regulations is MobileID compliant?
A: MobileID supports financial regulations in the markets where we operate and is compliant with PSD2 RTS for SCA. It also supports GDPR, allowing our customers to configure what data they collect from end-users with MobileID.
Q: Do organizations need MobileID to have access to Face Authentication?
A: Yes, currently, MobileID is a requirement to access Face Authentication. However, we are planning to release Face Authentication as a standalone authentication method that can be used from any device, whether through an app or a web browser. This means we will offer a single-factor biometric method with Face Authentication that could be combined with any other authentication methods or products.
As mobile application security becomes increasingly vital, Signicat's MobileID Face Authentication emerges as a powerful tool to prevent fraud and account takeovers. By leveraging advanced facial recognition technology, this feature ensures secure and convenient user access. Stay ahead of potential threats with Signicat's MobileID Face Authentication, ensuring your mobile applications remain secure and user-friendly.