IBM Launches Pinpoint Verify to Improve Digital Identity Trust

[nir]

IBM is bringing identity and access management technology into its Pinpoint Suite to help prevent online fraud.

 

IBM announced its new Pinpoint Verify technology on Nov. 8, providing organizations with a model for combatting online fraud with a digital identity trust approach.

 

Alongside the new technology release, IBM sponsored a report from Javelin, titled, "Preserving Trust in Digital Services" that provides context for why digital identity trust is needed. Among the primary findings of the 27-page report is that Financial institutions reported that just 50 percent of consumers believe mobile banking is secure.

 

"Many popular methods, such as user name and password or knowledge-based authentication, can be both ineffective at stopping malicious users and cause customer frustration," Jason Keenaghan, Director, IAM and Fraud at IBM Security, told eWEEK. "However, we were most surprised to see these organizations reporting on their actual authentication failure rates."

 

Respondents to the Javelin survey indicated that more than one in five (22.8 percent) of their users are failing authentication. Keenaghan said that for a significant portion of respondents, (13 percent) that number goes as high as over 40 percent failure rates. 

 

"These numbers clearly indicate that users must be highly frustrated with the authentication process, even more than we had expected," he said.

Pinpoint Verify

The Trusteer Pinpoint suite provides multiple security and fraud protection capabilities that have been expanding in recent years. Keenaghan noted that Pinpoint Verify is an entirely new product module within the Trusteer Pinpoint suite, to enable digital identity trust.

 

"We leveraged MFA [Multi-Factor Authentication] technologies already available from the IBM identity and access management suite, known as IBM Verify," Keenaghan said.

 

Keenaghan said that the areas of identity and online fraud detection are coming together to serve the new market need for Digital Identity Trust. He added that similar to the other products in the Pinpoint suite, Pinpoint Verify is a cloud, microservices-based offering for easy deployment.  Pinpoint Verify also has a publicly available mobile app for iOS and Android, as well as an SDK available on github to integrate authentication into custom mobile apps.

How It Works

Keenaghan explained that a typical Pinpoint Verify deployment would involve leveraging IBM's SDKs to integrate MFA into an organization's existing digital services portal, website, or mobile app. 

 

"The integration is done once, and future changes to leverage the latest authentication factors can be done seamlessly without changing the underlying application, reducing time to market and speeding the development process," Keenaghan said. "The backend service itself is delivered from the cloud; so there is nothing to install or manage in the data center."

 

Pinpoint Verify joins other Pinpoint module including Assure and Detect to help manage digital identity trust.

 

Keenaghan said that he Pinpoint Assure module is used to assess the risk of new or anonymous users, building or establishing initial digital identity trust. Pinpoint Detect helps organizations continuously assess the digital identities of known or enrolled users, sustaining that digital identity trust. Finally, if one of these two (Detect or Assure) flags a user as high risk, Keenaghan  said that Pinpoint Verify allows organizations to confirm trust using two-factor strong authentication. 

 

"Pinpoint Verify works with Pinpoint Assure by providing step-up authentication for high-risk users only," Keenaghan said. "It allows the user to confirm the trusted relationship they are building with your organization using multiple different flavors of two-factor authentication: one-time passwords, mobile push, biometrics, or other flexible options."

 

Looking forward, Keenaghan said that IBM is continuing to invest research and development resources into new and innovative ways to detect and stop the latest threats.  

 

"We are heavily invested in AI and machine learning, now that might seem just like buzzwords, but for us it is not," Keenaghan said. "Our researchers are constantly enhancing our AI models to implement new use cases like continuous authentication with behavioral biometrics, bot detection, and privacy-preserving client-side analytics." 

 

Source