Online and Mobile Device Identification: Is Your Online Authentication Security Strategy Ready to Go Mobile?
- ID: 1409384
- October 2010
- 42 Pages
- Javelin Strategy & Research
Device identification is a relatively inexpensive authentication process that provides a low to medium layer of protection with high ease of use for consumers. But is this online security strategy ready to go mobile? In this report, Javelin reviews the advantages and disadvantages of device identification and its ability to extend from online to mobile authentication. The need for better account authentication in financial services, retail, medical, social networks and gaming is urgent and growing. While mobile threats are still nascent, online attacks on nationwide financial institutions are increasing. At the same time, more consumers are purchasing smartphones and are also connecting to online and mobile sites through their mobile devices. Security vendors reviewed are Digital Resolve, 41st Parameter, Iovation, RSA and ThreatMetrix.
- Why is there a need for a passive layer of security, such as device identification?
- What online authentication methods transfer to mobile authentication?
- What are the advantages and disadvantages of device identification?
- Will device identification work with mobile handsets?
- How does device identification help thwart criminal attacks and identify true customers?
- Which vendors supply digital identification? How are they differentiated?
This report is based primarily on data collected online in August 2010 from 1,995 consumers representative of the U.S. population in gender,
age, ethnicity and income. Overall margin of sampling error is ± 2.19 at the 95% confidence interval.
The consumer data in this report also refers to data based on several surveys:
- This report is based primarily on data collected online in the United States from a random-sample panel of 3,100 respondents with mobile phones in July 2010; overall margin of sampling error is ±1.76 percentage points at the 95% confidence level.
- This report is also based on data collected online from a random-sample panel of 5,211 U.S. households in March 2010. The survey targeted respondents based on proportions of gender, age and income representative of those of the overall U.S. online population. Overall margin of sampling error is ±1.36% at the 95% confidence level.
- Data from a September 2009 telephone survey of 5,000 U.S. adults, including 703 identity fraud victims, was also used in this report. For questions answered by all 5,000 respondents, the maximum margin of sampling error is +/- 1.4% at the 95% confidence level. For questions answered by all 703 identity fraud victims, the maximum margin of sampling error is +/- 3.7% at the 95% confidence level. For questions answered by a proportion of all identity fraud victims, the maximum margin of sampling error varies and is greater than +/- 3.7% at the 95% confidence level.
- A random-sample panel of 3,000 consumers with mobile devices collected in July 2009, with an overall margin of sampling error of ±1.79 percentage points at the 95% confidence level.
It also incorporates the 2009 and 2010 Mobile Banking Scorecards, which reviewed the top 18 and 19 financial institutions, respectively, offering customer-facing mobile banking services (out of the top 40 and 30 financial institutions, respectively, by deposit base). The surveys targeted respondents based on proportions of gender, age, income and ethnicity representative of those of the overall U.S. online population. Rounding (in the underlying numbers) in charts accounts for the slight differences in percentages. SHOW LESS READ MORE >
Urgent Need for Better Authentication
More Online Fraud and Sophisticated Attacks
Shift in Attacks to National Financial Institutions
Decline in Consumers’ Faith in Online Banking Protection
Proliferation of Mobile Devices
Growth of Mobile Banking
Not Enough Security
Authentication: A Two-Step Process
Medium Security with High Ease of Use Through Device Recognition
Planning for Mobile Security
WiFi vs. Cellular Internet Access
Smartphone-Based Mobile vs. Online Banking
Authentication System Overview
Sources of Account Holder Information
Static vs. Dynamic Information
Geolocation: WiFi, Cell Tower, GPS
Device Identification to Stop Cybercriminals
Reputation- Based Systems
Mobile Security Vendor Profiles
Comparison of Profiled Vendors
Table of Figures
Figure 1: Annual Amounts of New Accounts Fraud, Existing Non-Card Account Fraud and Existing Card Fraud, 2005–2009
Figure 2: Fraud from Online Purchases, 2008–2010
Figure 3: Fraud Attacks on National and Regional Banks and Credit Unions, August 2009–August 2010
Figure 4: Consumers’ View of Their Banks’ Ability to Provide Mobile Security
Figure 5: Smartphone Users, 2008–2010
Figure 6: Mobile Banking Adoption, 2008–2010
Figure 7: Top Reasons Cited by Consumers for Not Using Mobile Banking
Figure 8: The Enrollment Process for New Accounts
Figure 9: Difference in Authentication Processes for New and Returning Account Holders
Figure 10: Consumers’ Ratings of Effectiveness and Ease of Use of Authentication Technologies
Figure 11: Consumer Preference for Mobile Authentication
Figure 12: Comparison of WiFi and Cellular Access to the Internet
Figure 13: Smartphone Applications Offered by FIs
Figure 14: FIs’ Typical Behavioral System for Authentication
Figure 15: Diagram of Unique Device Attributes
Figure 16: Attributes Related to Network Authentication
Figure 17: TCP/IP Data From a Browser Without Privacy Control
Figure 18: TCP/IP Data From a Browser with Privacy Control
Figure 19: Spoofing TCP/IP Information
Figure 20: Simplified Proxy Scenario
Figure 21: Attributes Related to Software Authentication
Figure 22: Attributes Related to Hardware Authentication
Figure 23: Attributes Related to Location
Figure 24: Process for Thwarting Cybercriminals
Figure 25: Multiple Computers Logging into One Account
Figure 26: One PC and Multiple Accounts
Figure 27: Indicators of Possible Fraudulent Activity on an Account
Figure 28: Mobile Security Vendors’ Features