The AI knows best

Issue 3 2022 Access Control & Identity Management

The competitive advantage in modern business relies more on the customer experience. With the availability of technologies such as AI, data has become the most valuable asset. AI is turning our online behaviour and even our common mistakes and typing quirks, into an effective way to keep us safe while making our user experience simpler and faster – a big win for companies looking for a UX advantage in an increasingly competitive digital landscape.

Card-not-present fraud remains a real threat to South African shoppers, accounting for 80% of credit card and 54% of debit card fraud last year according to SABRIC statistics. However, potential security solutions can be weighed up against creating too much friction and depreciating the user experience.


Jonathan van der Merwe.

“As humans we are used to identifying people by various means. One person may be very tall, another may be wearing unusual glasses. In a similar way, we all have unique ways of interacting online, whether we are aware of it or not. The huge computing power of AI and machine learning allows us to passively authenticate an entity by determining behavioural patterns online. Risk-based authentication (RBA) is helping organisations, including some banks in South Africa, to seamlessly authenticate a user’s journey by collecting various data points and signals,” explains Jonathan van der Merwe, product manager at Entersekt.

RBA makes use of the vast computing power of machine learning to analyse thousands of data points to determine how risky a transaction may be. This includes obvious markers such as the type of device, the IP address, geolocation markers, the network, the time of day and even the type of transaction. It also makes use of user-specific markers that the system learns over time.

“The way we engage online can easily differentiate us as users. By activating behavioural analytics, passive biometrics, as well as the device intelligence, it is possible to produce a risk transaction score for each user in real-time. Then, depending on the risk score set by the organisation, RBA can trigger an immediate authentication challenge if needed. The power of AI and machine learning means that we are able to bring security down to the individual user level. The power of this is not just added security for customers, but it means we can offer a near frictionless experience – the nirvana of digital commerce,” Van der Merwe says.

Relying on centuries old insight

After the first telegraphic message was sent from Washington, D.C. to Baltimore in 1844, telegraph operators quickly learned to identify fellow operators by their unique style. Today, our RBA engines are also able to identify individuals using keystroke dynamics which tracks how we enter data through a keyboard. Even our habitual spelling errors, how hard we tap our touch screens, or at what angle we hold our device, all form part of the behavioural biometrics that advanced AI can use to determine if we are who we say we are.

“When transacting, Entersekt’s engine will apply that ‘normal behaviour’ in conjunction with device identification to determine user identity. If deemed a low-risk payment it won’t generate the usual speed bumps like OTPs or authenticating yourself through your banking app. However, if your behaviour sets off a flag – perhaps you are moving your mouse in an unusual way or you appear to be in a country that you don’t usually transact from – then step-up authentication will be required.

This can take the form of an in-app push prompt, a FIDO-certified security key, or any of a number of options we use. With a little help from smart risk-scoring technology and the collection of positive and negative behavioural signals, payments can become almost seamless,” Van der Merwe explains.

Tapping into continuous learning and progression

“People want their bank, insurance provider or any company that has access to their money or information, to offer the most sophisticated and slick experience. We judge today’s brands by their digital offering and being able to combine extra strong security without the clunky authentication processes so many still use,” shares Van der Merwe.

Looking ahead, Van der Merwe is also quick to point out that the power of machine learning and AI means companies that deploy RBA engines now are best placed to benefit from new advancements in the future.

“We see AI enabling a future of continuous risk assessment. So, after login the engine will monitor if a user behaves consistently across the entire session. If, for example, your typing speed dramatically changes, or if you are in a Firefox browser and then on the very next page you are using Chrome, this will trigger an alert that your session may have been taken over. This zero-trust principle to never trust, always verify, will further help organisations reach the goal of a truly safe and frictionless experience,” he predicts.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Unlock data insights and integration
Gallagher Access Control & Identity Management Products & Solutions
Gallagher Security announced the release of its security site management software, Command Centre v9.20, which enables integration with Microsoft Entra ID, a cloud-based identity and access management system that provides seamless synchronisation of cardholders across systems.

Read more...
Gallagher Security opens Cape Town office
Gallagher News & Events Access Control & Identity Management
Acknowledging a significant period of growth for the company in South Africa, opening a second office will enable Gallagher to increase its presence across the region with staff based in Johannesburg and Cape Town.

Read more...
Securing access against unwanted visitors
Intelliguard Access Control & Identity Management Residential Estate (Industry) Products & Solutions
In today's residential estates and complexes, one of the biggest concerns is preventing unauthorised access, while ensuring a smooth and convenient experience for residents and approved visitors.

Read more...
Smart access for a safer community
neaMetrics Suprema Access Control & Identity Management Residential Estate (Industry) Products & Solutions
Suprema's BioEntry W3 integrates AI-powered facial authentication into a sleek design that prioritises security, privacy and user experience, and even allows users to store their facial templates on their mobiles instead of external devices.

Read more...
Effortless and secure visitor management
Secutel Technologies Access Control & Identity Management Residential Estate (Industry)
Secutel Ventures has introduced SecuVisit, an access control solution designed to simplify visitor management while enhancing security. With two innovative components onboard, SecuVisit ensures seamless visitor check-ins anytime, anywhere.

Read more...
Glovent’s SOS Suite triple protects estate residents
News & Events Access Control & Identity Management Residential Estate (Industry)
One hundred and fifty-three years since the world’s first panic button was introduced in New York City, Glovent offers estate residents three different ways of summoning emergency assistance at the touch of a button.

Read more...
Security professionals gather at Integrate 360
Gallagher Access Control & Identity Management News & Events
Gallagher Security’s Integrate 360 brought together some of the best minds in security, innovation, and technology for two days full of insights, demonstrations, and future-focused discussions.

Read more...
Suprema showcases enterprise security at Integrate 360
Suprema News & Events Access Control & Identity Management
Since 2006, neaMetrics, Suprema’s distributor in Africa, has worked closely with Gallagher, building a robust partnership resulting in seamless integration between Suprema’s advanced biometric readers and Gallagher’s security management platform.

Read more...
New ASSA ABLOY facility opens in South Africa
ASSA ABLOY South Africa iDSystems Impro Technologies Access Control & Identity Management News & Events
ASSA ABLOY announced the opening of its new facility in Durban, South Africa. This new site unites IDS and Impro operations, bringing both manufacturing plants under one roof to create a hub for innovative access solutions.

Read more...
iProov achieves FIDO Remote Identity Verification certification
News & Events Access Control & Identity Management
iProov, iiDENTIFii’s technology partner in Africa, is the first to achieve the new, global certification in face biometric identity verification from the FIDO Alliance, an open industry association whose mission is to reduce the world’s reliance on passwords.

Read more...