Following Generation Y, users increasingly demand continuous access to all their digital services. Of course, ease of use improves greatly if we can bank anytime and anywhere, have access to all our data and can instantly communicate with friends and colleagues. But that 24/7 connectivity also brings risks. Only a very strong form of authentication keeps us and our data safe. But how do we make that happen?
Call them Generation Y or digital natives. They are in their twenties and have been accustomed all their lives to being digitally connected, always and everywhere. Wherever they are, they can always communicate with friends. They make arrangements through social media, and there is never a time when they have no access to their bank and their money. Their whole life takes place online. Some observers see this as a big risk, precisely because all their data is online. It takes only one mistake for cyber criminals to plunder their bank account, steal their identities and blackmail them with perhaps overly wild nightlife pictures. But there are plenty of analysts who believe that this generation is the first group that is seriously willing to adopt new technology, precisely in order to protect their online achievements.
Preference for mobile
Security specialist Vasco wrote a white paper on security and Gen Y, “Authentication for the Next Generation”: how is Gen Y changing the way we protect our digital lives? This group of 20-somethings plays an increasingly important role, both in society and in the economy. Figure 1 presents a picture of the use of apps for mobile banking versus banking through a website from a desktop or notebook across a number of generations. Digital natives have a clear preference for mobile apps for making payments, whereas older generations do like online banking, but preferably from a computer and using a browser.
Innovative technology
Generation Y realizes very well that mobile banking can bring some risks. Therefore, they expect a lot from the technology that must protect them and their data. For example, this technology must be easy to use. The solution should be fully integrated into the mobile device of their choice, or must be built into the apps they use. These are high demands, but innovative authentication technologies that meet them can count on clear adoption among 20-somethings.
Huge development
In recent years, authentication has undergone a huge development. 25 years ago we were still working with one-time passwords generated on hardware tokens. Now, these devices have been drastically modernized. Some suppliers offer a token with a USB connector; other suppliers provide a token with a keyboard to enter a PIN. QR codes or other cryptographic images are also integrated into new solutions. In addition, software-based tokens are available. These run on a smartphone and generate one-time passwords. Other software solutions send an SMS with a code or use biometric options. Even selfies are used.
Modern authentication
Gen Y requires an authentication method that is as easy to use as the way they check WhatsApp or Facebook. In addition, they also look for added convenience. Rather than withdrawing money from an ATM, they prefer to transfer money via wireless payment methods that send data directly to a supplier. Think of a coffee shop where not only is the payment settled in a secure manner, but the desired coffee order is also passed on directly, all with a single swipe. Therefore, a modern authentication solution must not only ensure that the user's data is safe; it is also very important that it gives the user additional ease of use. This combination is critical to the adoption of new technology by Gen Y. Some modern authentication methods are explained below.
Twenty-somethings are online 24/7. They are digital natives and are used to living their lives online. This gives an impulse to new ways of working, but also to new security methods that offer online safety. How could we do that? In the white paper “Authentication for the Next Generation”, security specialist VASCO Data Security gives a number of options.
CrontoSign Visual Transaction Signing
A series of scanning-based algorithms is a new twist on the old QR codes. This technology is available in both hardware and software form factors. Hardware devices contain a camera, which automatically scans and decodes an encrypted image containing transaction data, and then presents the data visually to the user for verification.
VASCO CrontoSign increases security by providing “sign what you see” capabilities to the user, while creating mutual authentication between the user and the service provider for the strongest protection against targeted Trojan attacks, including Man in the Middle (MitM) or Man in the Browser (MitB).
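The "sign what you see" principle can be illustrated with a generic signing code that is bound to the transaction fields shown to the user. This is an added example, not VASCO's CrontoSign algorithm and not code from the white paper; the shared device key, the field names and the HMAC-SHA256 construction are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed per-device secret (assumption); a real deployment provisions it
# into the token or app at enrolment and never hard-codes it.
DEVICE_KEY = b"constructed-demo-key-0123456789"
FIELDS = ("payee", "iban", "amount", "nonce")


def canonical(tx: dict) -> bytes:
    """Serialise exactly the fields the user is shown, in a fixed order."""
    return "|".join(f"{k}={tx[k]}" for k in FIELDS).encode()


def signing_code(key: bytes, tx: dict, digits: int = 8) -> str:
    """Derive a short decimal code bound to the displayed transaction."""
    mac = hmac.new(key, canonical(tx), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


def bank_verify(key: bytes, tx_received: dict, code: str) -> bool:
    """Server side: recompute over the transaction it was actually asked to run."""
    return hmac.compare_digest(signing_code(key, tx_received), code)


def demo() -> dict:
    # Constructed transaction: what the trusted device displays and the user approves.
    shown = {"payee": "Coffee Shop BV", "iban": "NL00EXAMPLE0000000001",
             "amount": "3.50", "nonce": "7f3a91"}
    code = signing_code(DEVICE_KEY, shown)
    # The same request after a Man-in-the-Browser rewrite of payee account and amount.
    tampered = dict(shown, iban="NL00EXAMPLE0000000999", amount="3500.00")
    return {
        "genuine": bank_verify(DEVICE_KEY, shown, code),
        "tampered": bank_verify(DEVICE_KEY, tampered, code),
        # The code is also useless for a later transaction with a fresh nonce.
        "wrong_nonce": bank_verify(DEVICE_KEY, dict(shown, nonce="000000"), code),
    }


if __name__ == "__main__":
    print(demo())
```

Because the code is computed over the payee, account and amount the user confirmed, a request altered in the browser no longer matches it and the bank rejects it.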
Online transactions via Bluetooth
DIGIPASS GO 215 is a good example of an authentication solution that sends one-time passwords via a Bluetooth connection. The device generates the code, which is sent directly to the app, so the user doesn’t have to type in a password.
Authentication without actual user-initiated authentication
The idea here is to build in authentication as part of the web or mobile application itself, to secure the integrity of the application, and protect the entire transaction from any exploit. VASCO’s DIGIPASS for Apps is an SDK that turns any app developer into a security expert, enabling them to protect the entire mobile app ecosystem (application, device, platform and user) with a single integration.
Risk-based methods
With risk-based authentication, access and transaction decisions are based on a dynamic series of circumstances. These count as the additional authentication factor, rather than relying on a particular set of tokens or pieces of smartphone software. Access to a particular business application goes through a series of trust hurdles, with riskier applications requiring more security, so that users don’t necessarily even know that their logins are being vetted more carefully. Moreover, this all happens in real time, just like the typical multifactor methods. These newer methods include examining your role, your location, or particular transaction patterns or activities.
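A sketch of such a real-time decision, using the signals named above (application risk, role, location, transaction pattern). This is an added example, not taken from the white paper or any VASCO product; the weights, thresholds, application names and user data are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy values (assumptions for illustration only).
APP_RISK = {"newsletter": 0, "account-overview": 20, "payments": 40}
USUAL_COUNTRIES = {"alice": {"NL", "BE"}}
PRIVILEGED_ROLES = {"admin", "treasury"}


@dataclass
class Request:
    user: str
    role: str
    app: str
    country: str
    amount: float        # 0 for non-payment requests
    typical_max: float   # largest amount this user normally sends


def risk_score(r: Request) -> int:
    """Add up the trust hurdles: riskier context yields a higher score."""
    score = APP_RISK.get(r.app, 40)            # unknown apps are treated as risky
    if r.role in PRIVILEGED_ROLES:             # role: more privilege, more scrutiny
        score += 20
    if r.country not in USUAL_COUNTRIES.get(r.user, set()):
        score += 30                            # location never seen for this user
    if r.amount > 3 * r.typical_max:
        score += 30                            # transaction far outside the usual pattern
    return score


def decide(r: Request) -> str:
    """Map the score to an action; low-risk users never see an extra prompt."""
    score = risk_score(r)
    if score < 40:
        return "allow"
    if score < 80:
        return "step-up"   # ask for an additional factor, e.g. a one-time password
    return "deny"


if __name__ == "__main__":
    print(decide(Request("alice", "customer", "account-overview", "NL", 0, 100)))
    print(decide(Request("alice", "customer", "payments", "NL", 50, 100)))
    print(decide(Request("alice", "customer", "payments", "US", 5000, 100)))
```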