Customer authentication for credit and debit card users is a critical function that has yielded sub-optimal results. Customer authentication is generally initiated when a customer acquires an account or attempts to use or service the acquired account through one or more of a number of channels. Today, the process of customer authentication is inconsistently supported across channels such as Internet, phone, bank branches, and ATMs. Currently, financial institutions embed authentication policy within each internal application and the applications accessed may vary depending on the channel through which interaction occurs.
A customer view of the financial institution is through the channels set forth above. Thus, the customer experiences inconsistent authentication processes when attempting a variety of actions, such as new account screening, transaction authentication, and servicing authentication, through one of a number of channels. FIG. 1B illustrates a typical authentication environment that operates to authenticate customers accessing applications through multiple channels. Customers 102 interact over channels 100 with applications 150. The channels 100 may include, for example, telephone 110, face-to-face 120, and web 130. The applications may include a VRU application 152, a Branch application 162, and web applications 172 and 182. Each of the servicing applications 150 may include its own authentication rules 154, 164, 174, and 184 respectively. Thus, through each of the channels 110, 120, and 130, customers may be confronted with a different process in order to access services. Without a centrally managed authentication platform, customers are subjected to inconsistent treatment when entering the system through any given channel.
Additionally, because the various applications perform authentication procedures in isolation, no standard format or capability is provided to track, record, and monitor customer interactions. The failure to provide tracking, recording, and monitoring results in an inability to detect risky transaction patterns. Individual lines of business within an organization may monitor their own channels, but are unaware of events occurring over other channels. Risky patterns necessitate changes to policy, which currently fail to occur because these patterns go undetected in the existing distributed environment. Even upon detection of risky patterns and subsequent policy changes in the existing systems, each and every servicing application would require modification in order to effect these changes. Thus the system is unable to adapt quickly to new threats and emerging technologies.
Furthermore, current systems typically apply authentication policies that fail to differentiate between types of transactions, accounts, or account holders. Thus, the current customer authentication model does not assess or leverage cross-channel transactions or behavioral risk. Currently existing systems fail to capture risky interactions across all channels and lines of business and therefore fail to execute risk-based authentication. As a result, authentication policy is typically uniformly applied regardless of the type of interaction or channel, even though some types of interactions are much riskier than others.
Another difficulty with the existing systems is that they fail to combat increasingly sophisticated fraud techniques. Perpetrators of fraud strive to find the point of least resistance and continue to access the system through that point. These are points at which personal information is more easily accessible, placing privacy and security at risk, and resulting in exploitation of customers' identities. The technology landscape is advancing rapidly and threats are increasingly sophisticated.
Thus, a solution is needed that considers particulars of the customer, the account, the channel, the application, and the requested interaction. Cross-channel risk policy should track, record, and assess cross-channel customer transactions to understand and appropriately apply risk-based authentication. The solution should be capable of selecting an appropriate authentication level based on such factors as transaction risk and customer account history. The solution should be centrally managed and executed in order to support appropriate, specific, and consistent strategies.
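The contrast drawn above between per-application authentication rules and a centrally managed, cross-channel policy can be sketched as follows. This is an added example, not part of the original document: the class and function names, the risk weights, the one-hour window, and the three authentication levels are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed values: the text names the factors, not weights or levels.
INTERACTION_RISK = {"balance_inquiry": 1, "address_change": 3, "wire_transfer": 4}
LEVELS = ["basic", "step_up", "strong"]  # hypothetical authentication levels

@dataclass
class Event:
    customer: str
    channel: str        # e.g. "phone", "branch", "web"
    interaction: str
    ts: int             # seconds
    auth_failed: bool = False

class CentralAuthPolicy:
    """One policy and one event log shared by every channel and application."""
    def __init__(self, window=3600):
        self.window = window
        self.events = []

    def record(self, event):
        self.events.append(event)

    def recent_failures(self, customer, now, channel=None):
        # channel=None is the cross-channel view; a channel name reproduces
        # the isolated per-application view that sees only its own events.
        return sum(1 for e in self.events
                   if e.customer == customer and e.auth_failed
                   and 0 <= now - e.ts <= self.window
                   and (channel is None or e.channel == channel))

    def required_level(self, customer, channel, interaction, now, cross_channel=True):
        scope = None if cross_channel else channel
        score = INTERACTION_RISK.get(interaction, 2)   # unknown interaction: medium
        score += 2 * self.recent_failures(customer, now, scope)
        if score <= 2:
            return LEVELS[0]
        return LEVELS[1] if score <= 4 else LEVELS[2]

def demo():
    policy = CentralAuthPolicy()
    # Constructed sample: two failed phone authentications, then a web request.
    policy.record(Event("cust-1", "phone", "balance_inquiry", 100, auth_failed=True))
    policy.record(Event("cust-1", "phone", "address_change", 400, auth_failed=True))
    isolated = policy.required_level("cust-1", "web", "address_change", 900, cross_channel=False)
    central = policy.required_level("cust-1", "web", "address_change", 900)
    return isolated, central

if __name__ == "__main__":
    print(demo())
```

The web channel evaluated in isolation sees no failures and asks only for the level the interaction type implies, while the shared log raises the requirement because of the phone-channel failures.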