Underwriters Laboratories, a consulting and certification organisation from the US and which spans over 40 countries including South Africa, were among the exhibitors at Seamless Africa 2017, which took place 14-15 March at the Cape Town International Convention Centre, Cape Town.
At the event Steven Jackets, Transaction Security Group Leader of Underwriters Laboratories, gave an address which focused on The Future of Authentication.
IT News Africa spoke to Steven Jackets about the future of authentication, how it could change with the development of IoT and the effect it will have on the African continent.
1. With AI’s and biometrics singled out as two potential authentication strategies, in your opinion what is the most realistic and probable authentication solution going forward?
Biometrics is not a suitable authentication strategy on its own; it needs to be coupled with additional factors (multi-modal), or increased fraud analysis which is often (AI). Due to this, AI and biometrics can often be seen as going hand in hand. Both strategies are hot within the industry at the moment and UL sees that vendors offer both solutions and the market accepts both. Nowadays, neither strategy is fully capable of handling a full authentication alone.
2. Do you see these authentication strategies influencing a variety of industries?
Yes, they will be used in various industries – just see how it is changing the entire Mobile environment for example.
On a wider scale, AI is probably more applicable as it does not require the customer to have an analog front end to capture the biometric data. Realistically, what you’re really asking about is biometrics or risk-based authentication (with the risk assignment being managed through an AI risk engine).
We see risk-based authentication being bigger in the general IT/computer industry, and biometrics being more of a consumer focused technology, used to provide a faster alternative to poor passwords and offer a unique user experience.
3. In Africa, with cost and sustainability being two major concerns, how do you think a new authentication solution will be implemented and how long will it take considering the wealth gap?
Africa is in an excellent position to jump on the PIN bandwagon and go to more CDCVM based solutions, which can easily be deployed to even low cost phones. Customers are increasingly making the technology purchase for the merchant, and emerging markets can exploit this to expand payments into areas where it would otherwise be too costly for a merchant to have a ‘terminal’.
4. What are the major security risks when changing an authentication solution?
Implementing the right level of authentication is crucial and a careful assesssment of risk across the entire spectrum of users and user activity is required. What are the devices being used? What type of data is included? Who are the users? UL recognizes that user experience, risk management and data reliability are all major security risks when it comes to changing an authentication solution.
5. Do you see authentication solutions playing an important role in the development of IoT and in combating the security risks that come with IoT?
Absolutely. IoT and Authentication go hand-in-hand.
Authentication is often a problem that is exploited on the device, on the back end or occasionally, even on the customer phone application. Poor default passwords lead to Mirai malware attacks and security is breached with lack of authentication.
Each of these areas have different solutions – no default passwords on devices, strong authentication (like FIDO) on backends, and better security on the customer application. However, authentication is just one of the many problems that IoT security faces.
By Dean Workman