Friction-reduction US Patent granted to Citibank – Device Binding to replace login
- Posted by Avi Turgeman
- May 14, 2015

Before discussing the specifics of the new patent granted to Citibank and its implications once it is introduced into their online banking, I would like to share a recent experience I had with my account managed by another US bank this past week.
I work out of my home office in Boston and travel every few months to our R&D center in Tel Aviv for face-to-face meetings. Last week, while in Israel, I get a phone call at 6:00 AM from my wife telling me she found us a GREAT apartment and in order to secure it I need to transfer a down payment to the realtor. So, I tried to log in from my laptop and get prompted with a message to type a one-time-code sent through SMS. Although I am using the SAME computer I have always used to access my bank account, the mere fact that I am now in Israel identifies me as high risk! I wait for the SMS that arrives after 10 minutes (the wonders of international roaming), and by this time the code has expired and I am being asked to resend the SMS. An hour later, and after several failed attempts to log in, I suggested to my wife to try to log in, using my credentials, from another computer in the house. For some reason (unknown computer? velocity checks?) she is also prompted for SMS authentication. At this point my vocabulary is reduced to the F word … Friction (yah right!). It is now close to midnight in Boston and I have a full day of work ahead of me, so I suggest we resume trying to transfer the money the next Boston morning when branches are open. Long story short – we lost the apartment to tenants with fewer "credit" problems.
And now, back to Citibank's new granted patent.
Citibank's Newly Granted Patent - Less Friction
Last week Citibank was granted a US patent for "Methods and systems for accessing account information electronically". Citibank's patent enables binding a device to an online banking account to eliminate the login step (providing a username and password). As cited from Citi’s patent: "There is a present need for methods and systems for accessing account information electronically that provide a high level of convenience for on-the-go customers of financial institutions, such as banks, who wish to learn quickly and easily how much money or credit they have in their accounts without repeatedly going through complicated sign-on processes, while at the same time providing a number of controls to ensure that the security of customers' information is safely maintained"
According to the patent, device binding can be done "using a processor of a back-end server, a computing device with a customer's profile via at least one attribute of the computing device and an encrypted token stored on the computing device."
Simply put, once implemented, Citibank customers will not be required to type their username and password when checking their balance and other information from the same device (irrespective of location).
Granted, this patent is a step in the right direction, but it is not a panacea for all friction associated with online banking authentication. First, it only covers low-risk activities such as checking the balance in a bank account and would not allow money transfers and similar high-risk actions. Second, it doesn't address logins from new devices. And, of course, it doesn't help to detect malware that takes advantage of the victim's device to perpetrate fraud via remote access or automated scripts.
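A minimal sketch of the server-side check that device binding implies, added here as an illustration and not taken from Citibank's patent or any bank's code. It substitutes an HMAC-signed token for the patent's encrypted token, and the function names, key, action list and token lifetime are assumptions.

```python
import base64, hashlib, hmac, json

SERVER_KEY = b"constructed-demo-key"   # assumption: known only to the back-end server
LOW_RISK = {"view_balance"}            # assumption: actions allowed without a login
TOKEN_TTL = 30 * 24 * 3600             # assumption: binding expires after 30 days


def _digest(device_attr: str) -> str:
    # Store a hash of the device attribute, not the raw value.
    return hashlib.sha256(device_attr.encode()).hexdigest()


def _sign(body: str) -> str:
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_binding_token(customer_id: str, device_attr: str, now: float) -> str:
    """Issued once, after a full login; the device stores the result."""
    payload = {"cid": customer_id, "dev": _digest(device_attr), "exp": now + TOKEN_TTL}
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    return body + "." + _sign(body)


def authorize(token, device_attr: str, action: str, now: float):
    """Return ('allow', customer_id) or ('full_login', None).

    Location is deliberately not an input: the binding follows the device.
    """
    if action not in LOW_RISK:                 # transfers etc. always need a login
        return ("full_login", None)
    if not token or "." not in token:          # new device: nothing bound yet
        return ("full_login", None)
    body, _, sig = token.rpartition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return ("full_login", None)            # forged or altered token
    payload = json.loads(base64.urlsafe_b64decode(body))
    same_device = hmac.compare_digest(payload["dev"], _digest(device_attr))
    if not same_device or now > payload["exp"]:
        return ("full_login", None)            # token copied elsewhere, or expired
    return ("allow", payload["cid"])
```

A token replayed by malware running on the bound device itself still passes this check, which is the gap the last limitation above refers to.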
Behavioral Biometrics - a complementary approach to device-centered protection
Here at BioCatch we track how users interact with online and mobile applications, and analyze and profile user biometric behavior to authenticate users and identify malware threats.
Behavioral Biometrics complements device solutions like device fingerprinting and device binding as an additional layer of risk analysis and security – enabling banks to reduce friction while protecting their customers, and ensuring that protection is maintained on the road and with any device.
Like Citibank, BioCatch believes that there is much room for innovation in improving the online banking experience. BioCatch has already been granted 3 patents and another 21 patents are in process, all focused on the use of behavioral biometrics for frictionless authentication and threat detection.
About the author
Avi Turgeman holds a B.Sc. cum laude in Physics and an M.A. in Philosophy of Science. Avi is a founder of BioCatch, and comes with over six years of experience in military intelligence as a researcher, inventor and R&D team leader. During his military service Avi became well versed in white-hat hacking, system vulnerability management, network surveillance, data mining and electronic signatures. Prior to BioCatch Avi worked in the electro-optic industry as a senior researcher. He was also the Co-Founder of VocalZoom, as well as Co-Founder & CEO at Tapingo (formerly Nsof Connect Ltd.).

























