SMS-Biometrics: Adding Biometric Security without Reinventing the Wheel
Since the start of 2020, the world has seen an unprecedented level of progress of moving into a fully digital world. This has led to a number of positives for customers, as well as some big negatives. On the positive side, it is easier than ever to transact online anywhere, anytime. Companies are meeting customers where they are with an increased emphasis on omni-device access and a consistent omni-channel user experience.
On the negative side, fraud is at an all time high. Account takeovers (ATOs) grew 282% year-over-year, and just under half of US consumers have experienced an account takeover within the last two years. The cost of fraud also reached record highs with the US seeing over $700 billion lost to fraudulent actors. Another concerning statistic is the growth of friendly fraud (when a family member or friend perpetuates an account takeover or other fraudulent attack), with approximately 25% of US consumers experiencing it in the last two years. These statistics show that even with the increased adoption of KBA and SMS-OTPs (SMS text messages based on one-time passcodes), fraud has grown out of control. KBAs are extremely vulnerable to phishing and social engineering. SMS-OTPs also struggle with phishing attacks and have vulnerabilities to SS7 attacks and SIM-swapping.
So what is a better solution? Biometrics offer a more secure way to authenticate, but most current implementations have challenges. They require an app to be downloaded (which customers resist), don’t work across devices, or have odd and unfamiliar user experiences. But what if companies could use the same SMS messaging route or “rails” already familiar and adopted by customers, but add a higher level of security with biometrics authentication?
The Asignio SMS- Biometric
Asignio uses the same rails as current SMS-OTP systems but adds on a powerful security layer with its synchronous dual biometrics. The user receives an SMS text to verify their account, but instead of a 6-digit passcode they need to type back in, they simply click on the url link in the message that takes them to a web-page to enter their Asignio biometric sign-in. At the same time, they are drawing their personal glyph (any symbol or initials), Asignio takes a series of selfies to perform facial verification, securely authenticating the user to allow access to their account or transaction. This adds not just one, but two layers of defense without adding friction.
The Asignio SMS-Biometric system removes the ability for fraudsters to phish the OTP and protects against SS7 and SIM-swapping attacks. It also protects against friendly fraud as the attacker has to know the user’s Asignio signature, be able to replicate it, and somehow get them into the picture to pass facial recognition. Asignio’s SMS-Biometric provides vastly improved security while requiring minimal changes in user experience and can help protect you and your customers from growing fraud.