Content of Figures
Commissioned by OneSpan
1 Executive Summary
The financial services industry faces a number of increasingly difficult challenges today. Organizations in this industry have often been at the foref ...Login Free 30-day Select Access Get full Access
- Financial cybercrime is on the rise, and attacks are getting more sophisticated.
- Many bank executives are unaware if they have been breached and i ...
3 Cybercrime in the Financial Industry
Cybercrime is a leading cause of loss in the financial industry and this is the biggest concern for bank executives. Account takeovers are an especial ...Login Free 30-day Select Access Get full Access
4 Finance Sector Regulations Driving Changes in Cybersecurity
Regulations in the financial sector are improving transaction security by requiring technical features such as MFA and risk analytics. New York’s Cy ...Login Free 30-day Select Access Get full Access
4.1 New York Cybersecurity Requirements Regulation (NYCRR)
NYCRR sketches out some high-level objectives for cybersecurity programs without “being overly prescriptive”. Financial service companies, defined ...Login Free 30-day Select Access Get full Access
The main goals of PSD2 are:
- Contribute to a more integrated and efficient European payments market
- Improve the level playing field for payment ...
5 Evolution of Risk-based Authentication
Risk-based authentication for higher identity assurance is fundamental to reducing risk of fraud and data loss in the financial sector. Stronger authe ...Login Free 30-day Select Access Get full Access
The problems with username/password authentication are well-known. Both usernames and passwords are easily and often forgotten. Password resets are ex ...Login Free 30-day Select Access Get full Access
Knowledge-based authentication is still a widely-used authentication method, even in finance, despite its inherent security problems. KBA involves set ...Login Free 30-day Select Access Get full Access
5.3 Token-based Authenticators
Fortunately, better alternatives to passwords exist. Many enterprises have deployed smart cards, USB tokens, or other types of strong authentication ...Login Free 30-day Select Access Get full Access
Multi-factor authentication covers a wide-range of authenticators. Clients of financial services must use strong/MFA methods to access financial resou ...Login Free 30-day Select Access Get full Access
5.5 Risk-based Authentication and/or Transaction Risk Analysis
Many CIAM and IAM solutions on the market today support the principles of MFA and SCA. Companies that have to comply with NYCRR’s MFA or PSD2’s SC ...Login Free 30-day Select Access Get full Access
6 OneSpan Intelligent Adaptive Authentication for Financial Use Cases
The OneSpan Intelligent Adaptive Authentication solution provides risk-based adaptive authentication functionality, risk analytics and mobile applicat ...Login Free 30-day Select Access Get full Access
6.1 OneSpan Intelligent Adaptive Authentication for MFA
OneSpan supports many authentication mechanisms including hardware OTP; email/SMS OTP; Mobile biometrics – iOS and Samsung native apps, and OneSpan ...Login Free 30-day Select Access Get full Access
6.2 OneSpan Intelligent Adaptive Authentication for Transactional Risk Analysis
OneSpan Intelligent Adaptive Authentication provides capabilities that are needed for transactional risk analysis in alignment with NYCRR and PSD2. T ...
OneSpan Intelligent Adaptive Authentication can help banks and FIs improve the customer experience, detect/mitigate/reduce the risk of loss from fraud ...Login Free 30-day Select Access Get full Access
6.3 General Security Considerations
MFA and transactional risk analytics systems do not operate in isolation from other systems. OneSpan Intelligent Adaptive Authentication can send even ...Login Free 30-day Select Access Get full Access
NYCRR is in effect, and PSD2 RTS is fast approaching. This may require major technology insertions for many banks and TPPs. IAM/CIAM infrastructure ma ...Login Free 30-day Select Access Get full Access
7.1 Recommendations for Conducting an IAM Maturity Assessment
- Inventory existing IAM and risk management infrastructure: Does it support MFA? Which authenticators? Does it have sufficiently advanced risk analys ...
7.2 Recommendations for Meeting NYCRR MFA and PSD2 SCA Requirements
- Deploy or utilize advanced MFA solutions that offer a good mix of authentication options, particularly emphasizing mobile authenticators. Choose sol ...