Authentication in the financial sector: now and after

The financial services industry – from retail banking to insurance – faces challenges from many different channels: from competitive pressure and regulation to the changing security landscape. These challenges must be addressed while delivering customer-centric, cloud-native, mobile-ready technology and business transformation. But can this challenging environment be a catalyst for innovation that can create a security model that is agile, security-proof, and ready for change?


The history of the financial industry

The ISP backstory


The challenges facing the modern financial landscape are many and varied, from competitive pressures from challenger banks and digital-only insurance companies to an ever-changing regulatory landscape. Historical technology choices have often resulted in a lack of agility due to siloed systems and sometimes tactical integrations. Competing solutions – often focused on a niche set of applications or services for functions such as authentication, authorization and visibility – often result in complex operational support processes and low return on investment.

But do these challenges provide a catalyst for a more modern digital approach to security, identity and authentication?


Opportunities for change

The ability to respond to competitive pressure and be agile in the face of external events is a key metric for a successful entity operating in the financial services space. But how can it be achieved? Security is no longer seen as an obstacle to technical progress that exists only to prevent and control. Security, when deployed in a modular and decoupled way, actually allows the organization to engage in more opportunities that help foster collaboration, integration, and data sharing for employees and clients. A solid, modular security architecture forms the foundation for greater risk reduction as well as improved engagement, and ultimately generates revenue.

Where we are now – in numbers

The opportunity to change and deploy a modern security architecture is amplified by the ever-changing threat landscape that players in the financial services industry now face. Fraud, account takeover attacks, credential breaches, account misuse, and synthetic account registration are all prevalent and on the rise – often executed by automated “crime as a service” platforms that can be enlisted to perform malicious activities simply by signing up with a valid credit card. Deep technical skills are not required to use these platforms, and the monetary reward for a successful and highly automated attack on a financial operator is significant.

A study conducted by Vanson Bourne and commissioned by HYPR surveyed 500 IT decision makers in the financial services industry in EMEA and the United States to understand the current impact and perception of this evolving threat landscape.


80% of respondents indicated that a recent breach was related to an existing authentication weakness, with the cost associated with authentication-related breaches averaging $2.19 million. These are costs that can no longer be ignored by those operating in the identity and security landscape.

Phishing attacks, SMS interceptions of one-time passwords, and push notification attacks are on the rise and pose a significant threat to existing multi-factor authentication tools.

So what is the alternative? Legacy authentication components appear to be the main weakness for employee and consumer login and registration journeys. The key technology trend that has emerged to solve both usability and security issues for many financial institutions is that of passwordless authentication – and the removal of reliance on shared secrets in general.

In the survey, the response of the 500 IT decision makers to the benefits of passwordless authentication was quite clear:

[Figure: Is passwordless the answer?]

The old conflict between security and usability is no longer acceptable to the modern consumer, nor is it technically unavoidable: both security and usability are seen as the main benefits of passwordless authentication.

Where We’re Headed – Security Master Plan

A decoupled and composable security landscape must be able to accommodate the widespread adoption and coverage of passwordless authentication technologies.

The ability to provide a passwordless experience for both staff and customers is critical. From a workforce perspective, an end-to-end “desktop-to-cloud” journey needs to be considered, along with the need to integrate passwordless options into a range of on-premises and cloud systems. These integration options should include app, appless, and SDK-based functionality for easy and broad applicability.

Also from a workforce perspective, it is common to have to replace existing MFA components such as security keys or legacy one-time password methods, while augmenting existing technologies such as VDI, VPN, and legacy apps with the latest authentication capabilities. With many financial services organizations now relying on an identity-centric zero-trust approach to security architecture, the ability to provide an “end-to-end” FIDO-based authentication experience provides a sustainable, standards-based security foundation.

From a consumer perspective, the use cases are slightly different – the modern security foundation must address the ability to seamlessly register and onboard users as well as the ability to reduce fraud and improve overall MFA adoption rates.

In summary

Even though financial services entities have been operating for centuries, they continue to evolve, and today’s digital infrastructure, under attack as it is, must also evolve. Even when operating in challenging competitive and technological environments, the ability to deliver a modern and flexible security fabric has never been more available or more advantageous.

A key element of this security structure is the need to remove passwords from the landscape of employee and consumer users. Passwordless authentication can provide the backbone of a future-proof, secure, and usable digital experience to improve user acquisition and reduce operational complexity.

For a more in-depth exploration, watch the recent webinar where I discuss the evolution of authentication within financial services with Michael Rothschild, VP of Product Marketing at HYPR.


*** This is a Security Bloggers Network syndicated blog from the HYPR Blog by Simon Moffatt, guest author, The Cyber Hut. Read the original post at:
