Post on 13-Apr-2020


Page 1: Mobile Payments, Transactions & Authentication · fspgroup.ca/docs/FSP201210_02.pdf · Authenticating Mobile Payments & Transactions Walking The Tightrope Maintain a Balance Between Security

Mobile Payments, Transactions & Authentication

Sr. Principal Consultant

CA Technologies

Rob Wilson


Mobile Payments?

Don’t have enough cash for those beer battered shrimp tacos and specialty burger from your favorite food truck?

Want to order that limited edition red vinyl album by one of your favorite bands before they sell out to every kid in Toronto?

Forget to pay your cell phone bill and it’s moments from shutting off?

Mobile payments will save you!


Why the Interest in Mobile Payments? The Explosive Growth of Mobile Devices


What is a Mobile Payment Anyway?


Mobile Payments & Transactions Use and Growth


Have you Purchased Something with Your Mobile Phone?


Why Do People Use Mobile to Pay?


Why Mobile Matters To Financial Institutions


Authenticating Mobile Payments & Transactions Walking The Tightrope

Maintain a Balance Between Security and User Convenience

On the one hand you need to reduce risk of identity theft and fraud

On the other hand you need to make the experience simple

Complex process, & changes in behaviour drive up help-desk calls & frustrate users

Do not drive users to more expensive channels, or the competition

Don’t Forget! You need to contain costs of the solution

• Not all transactions are equally risky

• Be proportionate to perceived risk


Adding Risk Based Authentication for Mobile Transactions


Motivations for Risk Based Authentication


5. Easy to Deploy

− Server side implementation

− Minimal to no client side integration

4. Works Well on Mobile

− Fingerprinting mobile devices

− Soft token integration on SmartPhones (step up authentication)

− Transaction Signing integration with Smartphone OTP & soft tokens

3. Flexible

− Adaptable to mobile, kiosks, telephone voice response, etc.

2. Easy to Use

− Users don’t see what’s happening and experience unchanged

1. Cost Effective

− The SmartPhone as Multifactor Authenticator (OTPs, Soft Token, SMS/text/email, etc.)

− No additional client hardware


Need to Ensure Mobile Transaction Fidelity

Is this the real person?

Is this the intended transaction?

Has the transaction been modified?

Can the transaction data be securely conveyed?

Kiosk, Web Portal, Mobile App, ATM, eCommerce, Fax, Telephone, In-Branch, Documents, VPN


Verifying Who is Making a Mobile Transaction

• Device Identification

• Identity Vetting

• Password

• Q&A

• ArcotID – 2FA

• Dynamic Pass-codes – SMS/email/voice

• Mobile as a token

• Predictive Modeling

Is this the real person?

Is this the intended transaction?

Has the transaction been modified?


Are They Making a Reasonable Purchase?

• Predictive Modeling

• Configurable Rules

• Flexible Alerts – SMS/email/voice/CSR

• Identity Vetting

Is this the real person?

Is this the intended transaction?

Has the transaction been modified?


Ensure the Transaction Integrity

Is this the real person?

Is this the intended transaction?

Has the transaction been modified?

• Virtual Private Session

• Out Of Band Confirmation

• Transaction Signing – with OTP

• Transaction Signing – with PKI


Transaction Signing – OTP based Transaction Details

1. Launch Application

2. Select Account

3. Enter PIN, Challenge & Amount

4. Get Back OTP
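
The four steps above, sketched as an added example (not taken from the slides or from any CA product): the OTP is a truncated MAC over the bank's challenge, the account and the amount, so changing any of them after signing makes verification fail. The HMAC-SHA256 construction with RFC 4226-style truncation, the PBKDF2 handling of the PIN, and every name and sample value here are assumptions.

```python
import hashlib
import hmac
import struct

DIGITS = 8  # OTP length shown to the user (assumed)

def derive_key(seed: bytes, pin: str) -> bytes:
    # Assumed scheme: the PIN is mixed into the key, so a wrong PIN yields a wrong OTP.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), seed, 100_000)

def _field(value: str) -> bytes:
    # Length-prefix each field so ("12", "3") and ("1", "23") sign differently.
    raw = value.encode()
    return struct.pack(">H", len(raw)) + raw

def sign_transaction(key: bytes, challenge: str, account: str, amount: str) -> str:
    # Steps 3-4: the OTP is a truncated MAC over the challenge and transaction details.
    msg = b"".join(_field(v) for v in (challenge, account, amount))
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def verify_transaction(key: bytes, challenge: str, account: str, amount: str, otp: str) -> bool:
    # Bank side: recompute from the details it actually received, compare in constant time.
    expected = sign_transaction(key, challenge, account, amount)
    return hmac.compare_digest(expected, otp)

def demo() -> dict:
    seed = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample seed
    bank_key = derive_key(seed, "4821")                        # constructed sample PIN
    challenge, account, amount = "73019245", "CHQ-001", "125.00"  # constructed values
    otp = sign_transaction(derive_key(seed, "4821"), challenge, account, amount)
    bad_pin_otp = sign_transaction(derive_key(seed, "0000"), challenge, account, amount)
    return {
        "otp": otp,
        "genuine": verify_transaction(bank_key, challenge, account, amount, otp),
        "amount_changed": verify_transaction(bank_key, challenge, account, "9125.00", otp),
        "account_changed": verify_transaction(bank_key, challenge, "CHQ-999", amount, otp),
        "new_challenge": verify_transaction(bank_key, challenge[::-1], account, amount, otp),
        "wrong_pin": verify_transaction(bank_key, challenge, account, amount, bad_pin_otp),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

For the binding to hold, the bank has to issue a fresh challenge per transaction and accept it once, and both sides must agree on one canonical text form for the amount.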


Authentication Using QR Codes


Using QR Codes During Authentication

CloudPass® Instant Online Banking Logon

Customer Reads the CloudPass® QR Code With Their Mobile Application and is Automatically Logged In to Their Bank Site


Reduce Online Fraud: Well Known Example

Challenge: How to Reduce Fraud and Increase Consumer Confidence

High levels of Card Not Present (CNP) fraud

Low consumer trust affecting eCommerce growth

Solution: 3-D Secure (Verified by Visa & MasterCard SecureCode)

3 Party solution (Merchant, Issuer, Card Scheme)

CNP shoppers authenticate directly with the card issuer whilst on the merchant web site.

Customers

Issuing banks, merchants, card schemes & payment service providers.


Cardholder Authentication for Online Purchases


CA Digital Banking & Payments Solution


Online Checkout w/credit card

Person to Person Payments

Online Checkout w/cloud wallet

Mobile Wallet

Software & Cloud Based Mobile Wallet

Lower Cost of Ownership

Multi Channel Security

Better Customer Experience

Identity Authentication Across Channels

Cross Channel Activity Learning

Transparent / Step-up Authentication

Cross Channel Risk Modeling

Online & Mobile Banking

Automated Teller

IVR / Call Center

Social Media Integration

Single Security Policy

Cloud Deployment Model

Lower Consumer Helpdesk Cost


Thank You