Evolving Views On Security
SAN FRANCISCO-Users of mobile banking now believe that biometric identification-which rose in its rating-and the use of security questions or knowledge-based authentication (KBA)-which declined in its rating-are equally effective in mobile authentication, according to a new study.
The Javelin Strategy & Research report-"2010 Authentication Report: Knowledge-Based Authentication Dominates While Biometrics and One-Time Passwords Advance Among Mobile and Online Bankers"-also found that the perceived effectiveness of one-time passwords rose 12% in the minds of both mobile and online bankers. "Form factor plays a significant role in influencing consumers' preferences for authentication method, illustrating the challenges in designing online and mobile banking systems," the study suggests.
"The small screen size and keyboard of the mobile device make biometric identification such as voice verification or fingerprint scan appear more effectual to mobile bankers and indicate a possible sea change for the future of authentication and security in general," said Mary Monahan, research director. "Mobile presents the best opportunity to add new technology and is also more practical since mobile consumers upgrade their handsets faster than laptop users upgrade their laptops."
Among the other findings related to P2P mobile money transfers:
- Both mobile and online bankers are most familiar with the use of security questions and PIN entry for authentication.
- Mobile and online bankers would increase their online activity if they had biometrics to verify their identification.
- One-time passwords can be generated by a hardware token, through software on a PC or mobile device or can be sent via SMS text message.
"For years, biometrics has been rated high in consumer surveys despite the absence of biometrics in the hands of consumers," said Robert Vamosi, Risk & Fraud Analyst. "That trend is changing now with touchpads that can record fingerprints and built-in webcams for facial recognition on the laptop and mobile handsets that can recognize the owner's face, touch or sound of their voice. One-time passwords have been around for years, but have not achieved widespread adoption. The confluence of increasing user acceptance and perceived effectiveness of both biometrics and one-time passwords for authentication along with usable solutions creates a perfect opening for these authentication methods."