The AI knows best

Issue 2 2022 Access Control & Identity Management

The competitive advantage in modern business relies more on the customer experience. With the availability of technologies such as AI, data has become the most valuable asset. AI is turning our online behaviour and even our common mistakes and typing quirks, into an effective way to keep us safe while making our user experience simpler and faster – a big win for companies looking for a UX advantage in an increasingly competitive digital landscape.

Card-not-present fraud remains a real threat to South African shoppers, accounting for 80% of credit card and 54% of debit card fraud last year according to SABRIC statistics. However, potential security solutions can be weighed up against creating too much friction and depreciating the user experience.

Jonathan van der Merwe.

“As humans we are used to identifying people by various means. One person may be very tall, another may be wearing unusual glasses. In a similar way, we all have unique ways of interacting online, whether we are aware of it or not. The huge computing power of AI and machine learning allows us to passively authenticate an entity by determining behavioural patterns online. Risk-based authentication (RBA) is helping organisations, including some banks in South Africa, to seamlessly authenticate a user’s journey by collecting various data points and signals,” explains Jonathan van der Merwe, product manager at Entersekt.

RBA makes use of the vast computing power of machine learning to analyse thousands of data points to determine how risky a transaction may be. This includes obvious markers such as the type of device, the IP address, geolocation markers, the network, the time of day and even the type of transaction. It also makes use of user-specific markers that the system learns over time.

“The way we engage online can easily differentiate us as users. By activating behavioural analytics, passive biometrics, as well as the device intelligence, it is possible to produce a risk transaction score for each user in real-time. Then, depending on the risk score set by the organisation, RBA can trigger an immediate authentication challenge if needed. The power of AI and machine learning means that we are able to bring security down to the individual user level. The power of this is not just added security for customers, but it means we can offer a near frictionless experience – the nirvana of digital commerce,” Van der Merwe says.

Relying on centuries old insight

After the first telegraphic message was sent from Washington, D.C. to Baltimore in 1844, telegraph operators quickly learned to identify fellow operators by their unique style. Today, our RBA engines are also able to identify individuals using keystroke dynamics which tracks how we enter data through a keyboard. Even our habitual spelling errors, how hard we tap our touch screens, or at what angle we hold our device, all form part of the behavioural biometrics that advanced AI can use to determine if we are who we say we are.

“When transacting, Entersekt’s engine will apply that ‘normal behaviour’ in conjunction with device identification to determine user identity. If deemed a low-risk payment it won’t generate the usual speed bumps like OTPs or authenticating yourself through your banking app. However, if your behaviour sets off a flag – perhaps you are moving your mouse in an unusual way or you appear to be in a country that you don’t usually transact from – then step-up authentication will be required.

This can take the form of an in-app push prompt, a FIDO-certified security key, or any of a number of options we use. With a little help from smart risk-scoring technology and the collection of positive and negative behavioural signals, payments can become almost seamless,” Van der Merwe explains.

Tapping into continuous learning and progression

“People want their bank, insurance provider or any company that has access to their money or information, to offer the most sophisticated and slick experience. We judge today’s brands by their digital offering and being able to combine extra strong security without the clunky authentication processes so many still use,” shares Van der Merwe.

Looking ahead, Van der Merwe is also quick to point out that the power of machine learning and AI means companies that deploy RBA engines now are best placed to benefit from new advancements in the future.

“We see AI enabling a future of continuous risk assessment. So, after login the engine will monitor if a user behaves consistently across the entire session. If, for example, your typing speed dramatically changes, or if you are in a Firefox browser and then on the very next page you are using Chrome, this will trigger an alert that your session may have been taken over. This zero-trust principle to never trust, always verify, will further help organisations reach the goal of a truly safe and frictionless experience,” he predicts.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Enterprise identity fraud prevention
Access Control & Identity Management
Trustmatic brings government-grade facial 1:N search capabilities to the cloud, supporting face deduplication and identification against watchlists, and providing seamless integration via REST API.

ZKTeco Experience Centre
ZKTeco News Access Control & Identity Management
ZKTeco South Africa has opened the doors to its innovative and interactive space, the ZKTeco Experience Centre in Centurion, Pretoria and welcomes visitors to partake in the ‘Powered by ZKTeco’ experience.

Touchless school access control
neaMetrics Suprema Editor's Choice Access Control & Identity Management Integrated Solutions Education (Industry) Products
Wolverhampton Grammar School deployed a Suprema access control solution, integrated with Paxton to resolve its legacy access control challenges.

Visible light facial recognition
ZKTeco Access Control & Identity Management
The ZKTeco SpeedFace-V5L [TI] is a fully upgraded version of the SpeedFace-V5L [TD] visible light facial recognition body temperature detection terminal, supporting facial and palm recognition.

Smart, efficient and green
Salto Systems Africa Access Control & Identity Management
Battery life and seamless use is particularly important in an electronic access control solution that relies on battery-operated locks.

Over 50% growth in use of digital documents between 2022 and 2026
Access Control & Identity Management Security Services & Risk Management
The number of users of digital identity documents is expected to exceed 6,5 billion globally in 2026, enabling rapid advances in eGovernment services.

Biometric authentication to SAP
Access Control & Identity Management
SecuGen has announced the exclusive integration of SecuGen fingerprint readers with realtime North America’s bioLock software.

Access to copper mine
Access Control & Identity Management
Since 2019, Flow Systems has assisted Kamoa Copper with quality access control equipment building on the team’s expertise for designing and manufacturing machinery.

Major food supply chain secured
BoomGate Systems Access Control & Identity Management
The recently completed major installation at Lynca Meats Meyerton was the start of a new market strategy for Boomgate Systems in primarily dealing with security integrators.

Computer vision-based access control device
Duxbury Networking Access Control & Identity Management
SAFR SCAN is Real Networks’ first integrated hardware-software product offering a combination of facial recognition, computer vision and image capture technologies to meet a broad range of access control and workforce management applications.