Contextual Multi-dimensional Authentication (CMA) – Is It a Mobile Payment Gamechanger?

Contextual Multi-dimensional Authentication (CMA) – Is It a Mobile Payment Game Changer?

The ongoing debate relating to the differences between device recognition and behavioral biometrics, and which methodology provides the strongest authentication methodology is over. Paygilant’s CMA approach to mobile payment authentication includes the best of both worlds and more.

Contextual multi-dimensional authentication (CMA) is a new approach for mobile payment verification that integrates large amount of data and uses machine learning to generate a risk-score. On a super high level – CMA systems ingests a wide range of behavioral biometric, device fingerprint and transaction data, to distinguish between genuine/fraudulent activities throughout the entire user-journey.

Using machine learning and smart rules, contextual multi-dimensional authentication (CMA) integrates data from multiple sources including device fingerprint, location, network, transaction, behavioral indicators, etc. Changes in login patterns, geolocation, and other factors may affect the risk rating of a given request and will determine whether the user or transaction will be approved, denied, or challenged to submit an additional authentication factor.

What makes CMA exceptional is the that it relies on multiple layers of identity indicators to stop mobile fraud and reduce friction to users. This combination of security and convenience was historically a trade-off, users needed to trade one for the other. However, CMA approach makes the concession irrelevant. By covering multiple touch points with overlapping data, organizations can now be confident that payments are protected from end to end.

Unlike behavioral biometrics alone, CMA systems provide static and dynamic authentication adding a contextual layer to the identity verification process.

Behavioral Biometrics Vs. Multi-dimensional Authentication (CMA)

Paygilant’s CMA based SmartRisk solution the combines Behavioral Biometrics + Device Analytics + Transaction Based Data to generate the most comprehensive, accurate on mobile risk-score available. Paygilant makes mobile payments safer, faster and easier. Using a disruptive technology that is designed to protect mobile payments (executed by NFC, QR code or online) from mobile fraud, Paygilant operates in a hybrid mode on the mobile device and back-end server. Paygilant enables friction-less customer experience prior to processing the transaction, triggering immediate authentication only upon a suspicious fraudulent attempt.

Device Attributes

Various attributes observed on the device can contribute to the detection of fraudulent behavior and to the derivation of a device ID. Device model, screen, memory, UUID, OS, IP, geolocation, app permissions, and more are observed. Geolocation is probably the best example for a device attribute used for detecting fraud - if a transaction is attempted from Moscow a short while after the preceding transaction was carried out in New York, then that is a strong indicator of fraud. Restricted app permissions is another indicator that the user might be hiding something. Another example is app permissions that are restricted by the user – that, in combination with other things, night suggest that the user might be hiding something.

Transaction Data

Paygilant employs propriety transaction behavioral maps. The Behavioral Maps represent the purchasing patterns/behavior of a specific customer and her nearest neighbors and are created using Paygilant's proprietary machine learning algorithms. The behavioral maps typically comprise a large amount of information but must be compact 9 enough since they are securely transmitted to the mobile device. To achieve this Paygilant utilizes its depth of field (DOF) approach from digital photography to compress the information so that complex calculations that do not require work intensive CPU and memory. A Behavioral Map shows a clear, high resolution picture of the different risk zones and is a key factor in determining the risk of a specific transaction and has the following key characteristics: - User specific: each map is unique, calculated and maintained on a per user basis, therefore representing a transaction risk level for each customer’s transaction. - Lightweight: Resolution variations enable maintaining only the necessary data, reducing the map's weight to a bare minimum. - Dynamic: As the purchase behavior changes, the map will be modified.

Device DNA

Bio Markers

Paygilant observes bio markers to passively identify the user behind the transaction. Common bio markers Paygilant observes include touch time, time between touches, size of touch inputs, finger velocity, scrolling pace and drag length, typing biometrics, and more. Paygilant’s robust bio markers are just one of the several intelligence sets that make up the broader solution and is designed to augment the fraud/no-fraud decision that precedes any step-up authentication request.

App Interactions

Paygilant looks at how the user interacts with the mobile application to determine if the interactions are consistent with a legitimate user. For example, if a user navigates directly to a high-ticket item and immediately proceeds to check-out, then that suggests something fraudulent might be happening. If a user inputs his name and address on the payment form in a manner that is not consistent with how normal users would do it (i.e. slower than expected because typing-in unfamiliar strings), then that provides another clue that something fraudulent might be happening.

User Data

Intelligent, privacy preserving analysis of user data on the mobile device provides valuable insights into fraudulent activities. User data analysis is especially helpful in hard-to-analyze scenarios like new account origination, where there is no established history for the user/account. Some examples for how device data can be used include comparing user accounts on the device with the payment cardholder identity, or the identity disclosed on a new account registration form – a mismatch provides a strong indicator for fraud. No media on the device, empty contacts list, and sparse call logs are also examples of fraud indicators that can be collected from user data on the device.

[contact-form-7 id="1746" title="Contact+PDF_new"]

[contact-form-7 id="1390" title="Contact+PDF_copy"]

[contact-form-7 id="1397" title="Contact_copy"]

Contextual Multi-dimensional Authentication (CMA) – Is It a Mobile Payment Gamechanger?

Recent Posts

2022 and Digital Banking

6 Ways COVID19 Has Impacted Payments

Reducing Friction Without Compromising Security, is This Possible?

Can Mobile Banking Finally Serve the Underbanked?

Sign-Up Bonus Abuse