As mobile banking and digital wallets gain prominence, online transactions often need to be noticed. Despite the prevalence of mobile devices, using desktop browsers for transactions remains a crucial option. However, this shift to online activities has introduced new forms of fraud and identity theft. Authentication through browsers poses specific challenges, especially in balancing security with user ease.
Entersekt, a top player in financial authentication, is working on solutions to tackle these problems. Mzukisi Rusi, Vice President of Product Identity and Authentication at Entersekt, recently shared with PYMNTS that traditional techniques like cookies and device fingerprinting are facing increasing limitations due to privacy issues and regulations imposed by major tech companies such as Google and Apple. He emphasised that the most compelling authentication is one that occurs without user awareness.
Recognising a returning browser without relying on cookies or fingerprinting—methods that compromise privacy—is quite challenging. Rusi explained that their approach employs cryptographic proofs and signatures to distinctly identify devices while safeguarding privacy and security. Enhancing user experience is vital in identity verification processes.
Although active authentication methods like one-time passwords (OTPs) or biometric checks provide security, they can also interrupt the user’s experience. To address this challenge, Entersekt offers silent authentication, a seamless method that operates quietly in the background.
Rusi explained to PYMNTS that active authentication necessitates user participation, such as inputting a one-time password or approving a push notification, which can disrupt the overall user experience. In contrast, silent authentication relies on risk evaluations and robust indicators like Browser ID to confirm ownership without requiring any action from the user. It’s akin to a hidden security guard that verifies your identity without demanding constant interaction.
Entersekt has developed a patented method for multifactor authentication (MFA) that improves both security and user experience. Their Browser ID technology functions as a digital fingerprint for web browsers, providing a privacy-conscious alternative to cookies and conventional device fingerprinting.
According to Rusi, Browser ID employs cryptographic signatures for device identification; when prompted, the device quietly validates its identity by signing a challenge using a private key. This method is crafted to uphold user privacy by not tracking browsing behaviour or sharing information across different websites.
Additionally, Browser ID can be integrated with other risk indicators, like behavioral biometrics, to facilitate genuine MFA in an entirely silent manner. As a result, users enjoy robust security measures without needing to engage actively, striking an ideal balance between convenience and safety.
Vision for the Future
Entersekt envisions a future focused on increasing the adoption of Browser ID and improving user experiences across multiple digital platforms. The company has already received encouraging responses from U.S. financial institutions (FIs) that have integrated this technology. We have introduced Browser ID to various financial institutions, and the feedback has been highly positive, Rusi shared while outlining Entersekt’s plans. Users value being recognised as trusted without having to undergo constant authentication processes. Our goal is to broaden the application of this technology across additional channels while continuously enhancing the equilibrium between security and user convenience.
Entersekt’s overarching objective is to comply with regulatory standards, such as PSD2, without sacrificing user experience. Rusi emphasises that his company intends to meet regulations like PSD2 by digitally signing transactions directly on a customer’s device in a seamless manner, thereby ensuring both compliance and integrity. This approach provides a secure experience for users without imposing extra steps.
For financial institutions, adopting Entersekt’s Browser ID brings numerous operational advantages. These include lower fraud rates, enhanced customer loyalty, and reduced costs associated with fraud prevention and user verification. Financial institutions enjoy improved security that translates into fewer instances of fraud and more satisfied customers, Rusi stated. Moreover, compliance with regulations while maintaining an optimal user experience can foster greater customer loyalty. FIs also benefit from improved risk signals that help them determine when to challenge users actively versus when to allow smooth transactions.
Maxthon
In today’s technology-driven world, the rise of cyber-attacks has become a severe issue. A persistent group of hackers is actively searching for opportunities to steal personal data, take over online accounts, and install harmful software to achieve their malicious goals.
Web browsers are often highlighted as a fragile link in an organisation’s security measures, which is troubling since they provide access to vast amounts of confidential information. To combat these threats effectively, companies must prioritise the implementation of advanced cybersecurity solutions tailored specifically for web browsers. Such initiatives are vital not only for safeguarding sensitive data but also for ensuring secure operations within an increasingly connected environment.
Organisations of all sizes and industries face similar challenges regarding browser security. One significant hurdle is the need to integrate robust security measures that function seamlessly with existing systems without disrupting regular business activities. It is crucial that this integration effectively mitigates sophisticated cyber threats while allowing operations to proceed smoothly.
Alongside technological protections, educating users plays a crucial role in combating cybercrime. Offering employees ongoing training on issues like phishing schemes, login weaknesses, and dangerous websites can empower them while ensuring they have continued access to necessary resources. Ultimately, fostering a culture of security awareness within an organisation is essential for minimising risks and enhancing defences against constantly evolving cyber threats.