Passwordless security for consumer-facing websites

At RSA Conference 2016, iovation launched its new Customer Authentication service that allows consumer-facing websites to enhance security while streamlining and improving the customer experience.

Passwordless security

The easy-to-integrate device authentication service eliminates friction by allowing consumers with “known devices” to bypass passwords and immediately access relatively low-risk but still confidential sections of their online accounts—like account balances, shopping records and activity histories. If needed, iovation’s device authentication triggers stronger “step-up” authentications like one-time passwords for higher risk actions like user and account changes, money transfers, or purchases.

iovation’s newest authentication service incorporates “fuzzy logic” algorithms that flexibly accommodate updates and minor changes—like fonts or colors that are added by new apps, or normal updates of browser or firmware versions—to maintain accuracy even as devices evolve.

Unlike competing algorithms that use only cookies or IP addresses or rely on algorithms depending on exact matches, the new Customer Authentication service offers greater elasticity for fewer false negatives while still identifying key device characteristics. This kind of SaaS-based device authentication is the first step along the road to “continuous authentication” that will validate not only logins, but still prevent man-in the-middle, man-in-the-browser and spoofing attacks at any point during a customer’s session.

The new authentication service is built on iovation’s 12 years of research in device identification and fraud prevention. It leverages iovation’s intelligence about the behavior of more than three billion known devices to provide instant risk-based, real-time checks against devices attempting to access new areas of a site. Some of the world’s largest financial services companies are already using the new service to quickly improve customer-centric workflows while maintaining the most advanced security practices.

“If the first generation of Internet security was about finding holes and the second was about patching them to keep the bad guys out, the third generation—especially for consumer sites—is about striking a balance between fraud prevention and customer experience,” said Scott Olson, vice president of product at iovation. “Advanced authentication technologies fingerprint devices of any type with astonishing accuracy, which helps information security teams enable and accelerate commerce and defeat identity-masking hackers while keeping real consumers in the fast lane.”

iovation’s Customer Authentication service provides an end-to-end solution encompassing both authentication and fraud prevention providing strong protection against account takeover while adding minimal friction to the login process. Pricing is based on use volume.

RSA Conference 2016


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss