2 minutes
It enhances the “something you know” factor.
One of the hallmarks of any financial transaction is trust. Credit unions “trust” that members withdrawing money against their accounts are who they say they are … after doing something like matching fingerprints or an iris scan, asking questions that only those members should know how to answer, or confirming entry of an obscure password that should take 247 centuries to break.
On the other hand, members “trust” that this really is your credit union they’re dealing with, and not some fake website or skimmer attached to an ATM, trying to steal money. They also “trust” that their credit unions will protect all of the personal information that’s used to authenticate their identities. Unfortunately, it is that last “trust” that is the easiest to break.
We’ve seen dozens of super stores expose their customers’ data. In 2011 a bank employee sold customer data to thieves, causing a $10 million loss. Interestingly, the way the LA Times headlined that story was “Bank of America data leak destroys trust.”
The fintech industry is aware of this weak point of stored personal details and moving diligently to put identifying characteristics on each member’s phone. The aim is to make that one device the identifier of choice, without needing to go to a huge data repository in the sky. Instead of each vendor or institution confirming a person’s ID, that person’s phone confirms his or her ID and sends a token to the vendor saying “Yep, this is really xxx.” Now, the theory goes, if thieves want to steal 500 identities, they must break into 500 phones.
Artificial intelligence is helping to make phones effective keepers of people’s identities. More specifically, the “something you know” factor in three-factor authentication could be made even more secure using a phone.
For example, on-device AI knows where you’ve been and whom you’ve called. An AI-based “something you know” test might be something like “Where did you have dinner last night?” or “Which one of your brothers called you yesterday?” the former being gleaned from GPS, the latter from your contact file and phone log. Or, from machine learning based on your music habits on your phone, it might ask you what your favorite band is.
The point is that, instead of being asked a rotation of the same three challenge questions every time you log in, onboard AI can create fresh new questions every time, based on information gleaned from what you do.
All of this is possible today. How is your CU positioning itself to take advantage of it?
Brian Garr is a frequent speaker and author on artificial intelligence. He is chief operating officer at Cognitive Code. He also serves as chair of the audit committee of $1 billion/76,000-member IBM Southeast Employees’ Credit Union, Delray Beach, Fla., which has a membership in the Center for Credit Union Board Excellence. Follow him on Twitter: @garrbrian.
