Written by Guido Ronchetti, CTO at XTN Cognitive Security®
Since cybersecurity became a mainstream topic, consumers have expected higher levels of data security from critical digital services. At the same time, they hope that access to digital services will be as easy as Amazon OneClick. Ease of use has become increasingly important in the security industry.
We’ve talked countless times about how often security is undervalued in favor of an easy and frictionless user experience. Many digital services still ignore that you can have both simultaneously without giving up either.
Today, technologies such as behavioral biometrics and behavioral analysis techniques let security be a transparent layer that gives the consumer a high level of protection from harm without impacting the user experience.
From a compliance point of view, the PSD2 and Open Banking regulations have been part of our daily routine of accessing payment services for a couple of years. Most banks have approached PSD2 by introducing Strong Customer Authentication (SCA) without applying exceptions, adding bulky authentication processes that burden the customer. This is an excellent example of how a security measure meant to protect the consumer can become a usability difficulty for the service’s user.
Let’s analyze a business case that shows how to improve security while preserving a smooth user experience. One of our clients is an innovative EU-based multinational bank that provides all its services through mobile and web apps. They process about 30M transactions every month, and they provide retail banking services with a strong emphasis on financial management and advisory.
Initially, they asked us to block a malware campaign targeting their app. Soon after adopting the XTN Cognitive Security Platform®, they realized that our continuous behavior-based risk evaluation could be used to build user-tailored profiles for access to critical features. In particular, they wanted to protect some of the essential functionalities by defining different challenges based on the real-time risk score and relying on SCA exceptions when possible. With XTN Cognitive Security® technology continuously providing risk evaluation and integrated with their services in real time, they achieved risk-dependent flows.
The result is impressive: the user can always access the service and experiences a tailored app that responds to the identity and security threats dynamically detected by the service. In a few words: an excellent user experience, higher security standards, and a completely autonomous process with no human interaction needed on either side.