Transaction Authentication
Transaction authentication is a relatively new form of stronger
authentication that has gained momentum recently with the introduction
of US financial regulations requiring financial institutions to
increase their authentication strength for some of their customers.
What is transaction authentication?
Transaction authentication is software residing on the enterprise
security servers that monitors, in addition to the successful use of
a user id and password, the following:
- IP address the user is coming in from
- User's geolocation
- Computer hardware the user is using
- Time of day
- Previous user pattern of behaviour
All of these factors are important in judging how much authentication
trust the enterprise is willing to give when verifying that the digital
identity presenting itself to the enterprise really is who it claims
to be.
A Transaction Authentication Example
For example, let's say that a user logs on successfully to your
enterprise systems using their id and password as Bob Doe, Manager of
Payables. The user then tries to execute an electronic cheque
transfer of $95,000 to Acme Co. At this point the transaction
authentication software kicks in and notices the following:
- The IP address is different from the one that Bob normally
uses
- The geo-location is from Russia and not the city that Bob
works in
- The computer hardware is totally different than the one Bob
uses
- The time of day is 2:00 AM
- The usage pattern is totally different in that Bob never
normally logs on at 2:00 AM to do an electronic cheque approval
At this point, the transaction authentication software could do the
following:
- Alert the enterprise in real time that a suspicious activity is
occurring
- Start asking the digital identity all sorts of personal questions
to verify whether it really is Bob at the other end of the
computer
- Block the user from successfully logging on to the
application
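The following sketch is an added example, not code from the original page or from any vendor product. It scores the five monitored factors against a stored baseline and maps the score to the three responses listed above; the weights, thresholds, high-value limit, field names and sample data are all assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Weights, thresholds and the high-value limit are assumptions for illustration.
WEIGHTS = {"ip": 15, "geo": 30, "device": 20, "time": 15, "pattern": 20}
HIGH_VALUE = 10_000

@dataclass(frozen=True)
class Profile:            # baseline built from the user's earlier sessions
    ips: frozenset
    country: str
    devices: frozenset
    hours: tuple          # (earliest, latest) normal time of day
    seen: frozenset       # (action, hour) pairs observed before

@dataclass(frozen=True)
class Event:              # a transaction attempted after a valid id/password logon
    ip: str
    country: str
    device: str
    at: time
    action: str
    amount: float

def anomalies(p, e):
    """Names of the monitored factors that deviate from the baseline."""
    checks = {
        "ip": e.ip not in p.ips,
        "geo": e.country != p.country,
        "device": e.device not in p.devices,
        "time": not (p.hours[0] <= e.at <= p.hours[1]),
        "pattern": (e.action, e.at.hour) not in p.seen,
    }
    return [name for name, hit in checks.items() if hit]

def decide(p, e):
    """Return (response, score, factors): allow, alert, challenge or block."""
    hits = anomalies(p, e)
    score = sum(WEIGHTS[h] for h in hits)
    if e.amount >= HIGH_VALUE:        # large transfers tolerate less deviation
        score = score * 3 // 2
    for floor, response in ((80, "block"), (40, "challenge"), (20, "alert")):
        if score >= floor:
            return response, score, hits
    return "allow", score, hits

# Constructed sample data modelled on the Bob Doe example above.
BOB = Profile(frozenset({"192.0.2.10"}), "CA", frozenset({"laptop-01"}),
              (time(8), time(18)), frozenset({("cheque_transfer", 10)}))
SUSPECT = Event("198.51.100.7", "RU", "unknown-pc", time(2), "cheque_transfer", 95_000)
USUAL = Event("192.0.2.10", "CA", "laptop-01", time(10), "cheque_transfer", 95_000)
```

Calling `decide(BOB, SUSPECT)` returns the response together with the score and the list of deviating factors, which is what a real-time alert to the enterprise would need to carry.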
This type of software does not have to be applied to financial
transactions. It can be used for regular logons by your
enterprise employees and/or other users. Note, however, that
the users should be notified in advance that their computer hardware
and IP addresses will be monitored, as well as their usage patterns.
Recommended vendors for transaction authentication are Bharosa and RSA.