The document discusses the importance of device-based authentication as a low-friction solution to enhance security and user experience in both consumer and enterprise contexts. It highlights the limitations of traditional multi-factor authentication methods, such as knowledge-based authentication and one-time passwords, which can lead to user mistrust and increased costs. By pairing authorized devices with user accounts, device-based authentication aims to prevent account takeovers while providing a seamless login experience.

1. REDUCE FRICTION AND RISK
WITH DEVICE AUTHENTICATION
Getting Beyond thePassword for
ConsumerAuthentication

2. Authentication
Landscape
Device-Based
Authentication
How it Works
1 2 3

3. Authentication
Landscape

4. “A real-time process that corroborates a claimed digital
identity to yield a specified or understood level of
confidence and trust.”
What is Authentication?

5. ESTABLISHING CONFIDENCE AND TRUST
Known Possessed Inherent
E L E M E N T S O F M U LT I - F A C T O R A U T H E N T I C AT I O N

6. ESTABLISHING CONFIDENCE AND TRUST
Something known to only the user
• Password
• Passphrase
• PIN
• Pattern or a picture
E L E M E N T S O F M U LT I - F A C T O R A U T H E N T I C AT I O N
Known

7. Something possessed only by the user
• Token–such as an OTP token pushed via
text message to a smart phone
• Smart card with X.509 public-key
infrastructure credentials
• Devices you have
Possessed
ESTABLISHING CONFIDENCE AND TRUST
E L E M E N T S O F M U LT I - F A C T O R A U T H E N T I C AT I O N

8. Something inherent only to the user
• Biometric trait, such as face topography,
fingerprint or
typing rhythm.
Inherent
ESTABLISHING CONFIDENCE AND TRUST
E L E M E N T S O F M U LT I - F A C T O R A U T H E N T I C AT I O N

9. • Authentication = passwords
• User Experience critical
• Many online accounts
• Specialized hardware won’t work
EnterpriseConsumer
• Strong multi-factor authentication
• Security outweighs user experience
• Unified enterprise account
• Standardization
CONSUMER VS. ENTERPRISE

10. • Poor user experience
• Conversion, retention
Excessive
Challenges
Cost of Multi-Factor
Authentication
• KBA and OTP
• Tokens
High ATO &
ID Theft at Login
• Consumer credentials are
prime target
ESTABLISHING CONFIDENCE AND TRUST

11. FACTS ABOUT STEP-UP CHALLENGES?
Knowledge-based authentication (KBA):
‒ Failure rate of 10-15%, up to 30%
‒ Leads to mistrust and alienates users
‒ Drives up customer service costs: Average
cost of $12-$15/call
Source: Gartner, When Knowledge-Based Authentication Fails, and What You Can Do
About It, Avivah Litan, Sept 2012

12. Problems with One-Time Passwords
— 29% surveyed say up to 20% of OTPs
fail to be delivered
— About half due to invalid mobile number
FACTS ABOUT STEP-UP CHALLENGES?
Source: Ponemon Institute and Tyntec, 2014, IT Security Pros Abandoning
Traditional Security Measures in Favor of SMS-Based Two-Factor Authentication

13. What is Device-Based
Authentication?

14. What is Device-Based Authentication?
LOW FRICTIONHIGH FRICTION

15. What does it do?
Pairs authorized devices
with user accounts.

16. What does it do?
Adds check for an authorized
device on every login attempt.

17. What does it do?
Gives businesses a way to
improve account security while
simultaneously enhancing their
customer experience.

18. EFFECTIVE DEVICE AUTHENTICATION
R O B U S T D E V I C E R E C O G N I T I O N
• Utilizes deep analytics of device
attributes over time
• Measures and tracks change
independent of cookies and
IP addresses

19. EFFECTIVE DEVICE AUTHENTICATION
• Works on all devices
(desktop, laptop, tablet, mobile)
• Supports browsers and apps
C O N S I S T E N T O N L I N E E X P E R I E N C E

20. How it Works

21. OBJECTIVES OF DEVICE-BASED AUTHENTICATION
Avoid unnecessary
challenge questions
Enhance customer
confidence
Stop account takeovers
2 31

22. Match Accept
Login
No
Match
Step up
Authentication
Pairing
Check
Device
Pairing
SUCCESS
LoginUser
AccessUser Access Login
END USER
IOVATION
BUSINESS
HOW AUTHENTICATION WORKS

23. ADD THE POWER OF IOVATION’S RISK PLATFORM
• Authentication and risk checks coupled
in a single API
• Benefit from fraud intelligence submitted
by thousands of fraud analysts
• Consistent tracking of device activity throughout
your organization
• Adds strong device recognition, link analysis and
velocity checks
C o m b i n e i o v a t i o n ’ s d e v i c e - b a s e d a u t h e n t i c a t i o n a n d r i s k s e r v i c e
f o r c o m p r e h e n s i v e p r e v e n t i o n o f a c c o u n t t a k e o v e r :

24. Risk
Check
Match with
measure of
changePairing
Check
LoginUser
AccessUser Access Login
Allow or
Reject
Access
Step Up
Authentication
SUCCESS
Device
PairingEND USER
IOVATION
BUSINESS
Rules
Engine
AUTHENTICATION WITH RISK CHECK

25. 2FA
FAILURE

26. 2FA
FAILUREUser did not receive
one-time password

27. 2FA
FAILURE
Is login an ATO attack at a
different location, or a
legitimate login by same
device?
User did not receive
one-time password

28. iovation
check

29. iovation
check
Low-Friction, Straight-Through
Login Result!

30. TAKE–AWAYS
81%
D E V I C E - B A S E D A U T H E N T I C AT I O N I S A F R I C T I O N L E S S S E C O N D
FA C T O R O F A U T H E N T I C AT I O N AT L O G I N
• It improves account security while
simultaneously enhancing your
customers’ experience.
• Pair device-based authentication and
iovation’s risk service for
the strongest impact.

31. Q&A Go ahead. Ask Away.
1.503.224.6010 info@iovation.com www.iovation.com