AuthenticAction™ FAQ

What is AuthenticAction™?

AuthenticAction™ introduces a new paradigm of digital trust. We provide a digital experience that ensures that any digital transaction is as safe, trusted, and simple as an in-person face-to-face interaction. AuthenticAction™ secures a transaction by simultaneously verifying the identity of the user and ensuring that the user actually performed the digital transaction. Using these two elements - identity and actions - AuthenticAction™ can provide an indisputable tamper-resistant proof of the transaction, so you can trust digital actions just like those in the real world.

What is a digital action?

We refer to digital actions as any discrete process, transaction or  interaction, that a human can perform digitally via a website or mobile application. These include, but are not limited to, login, financial transaction / payment, change of information, purchase, messaging, etc.

What problem does AuthenticAction™ solve?

AuthenticAction™ solves the lack of authenticity and trust in digital interactions. Unlike the real world where our physical appearance and actions verify our identity and intent, in the digital world it is difficult to know who is on the other side of a digital interaction, and are they doing what you think they are. The result is lack of trust that leads to compromises in your digital road-map - you are forced to reduce functionality, impose limits, and create user friction, all of which creates customer dissatisfaction along the way. We believe you shouldn’t compromise on either safety or customer experience.

How does AuthenticAction™ work?

AuthenticAction™ uses face biometrics and unique action capture technology to continuously and simultaneously authenticate the customer’s identity and digital actions. This process is passive. It occurs in the background of your application, using your existing flow to  provide a natural and effortless user experience.

Is AuthenticAction™ a fraud detection or authentication solution?

AuthenticAction™ combines fraud prevention and authentication into a single technology that is stronger than the sum of its parts. By simultaneously authenticating the identity of the customer and verifying the authenticity of the transaction, AuthenticAction™ defeats all existing 3rd party attacks vectors.

How does AuthenticAction™ go beyond authentication?

You can think about AuthenticAction™ like a digital notary. To authenticate a document a notary verifies a person’s identity and witnesses them signing a document. This is exactly how we go beyond existing authentication - we simultaneously verify both the identity and the action of the user. This naturally creates an extremely secure system, meaning no credential stealing attacks, device malware, reply attacks, overlay attacks, nothing.

How does AuthenticAction™ go beyond fraud detection?

Fraud detection systems focus on identifying known fraud behavior or anomalous behavior. These systems rely on estimating risk levels based on large data analyses. While useful in certain cases, this probabilistic approach is inherently prone to errors and results in false negatives and false positives. AuthenticAction™ doesn’t make guesses and doesn’t require historical data. Instead it witnesses the activity, captures the identity and action, and provides a binary answer of whether the action was performed by the true customer.

Why is AuthenticAction™ better than other existing approaches?

AuthenticAction™ is the only solution that provides the highest level of trust without user friction. Other approaches either require users to jump through security hoops and/or are vulnerable to (sophisticated) fraud attacks. The reason is the reliance on implicit trust. Existing authentication approaches rely on a proxy - such as a password, a device, a SIM card or token - for a customer’s identity. Fraud detection solutions further assume that the authenticated user is the same as the one performing the action. These assumptions create vulnerabilities which fraudsters use to attack. At the same time the step ups, false declines, and limits imposed on the digital channels are highly disruptive to the user experience. AuthenticAction™ is the only technology available that can provide a completely safe yet limitless and effortless experience.

How is AuthenticAction™ different from existing facial biometric solutions?

Biometrics solutions focus only on identity authentication and not on digital actions / transactions. In this manner they do not protect a system from most existing attack vectors.  AuthenticAction™ leverages face biometrics to link the action of a user to their identity. This twin-factor approach increases the security exponentially. Effectively the entire transaction becomes a tripwire where any malicious manipulation would invalidate the transaction.

What types of attack vectors is AuthenticAction™ effective in preventing?

AuthenticAction™ can effectively prevent all known attack vectors of malware / account takeover including credential stealing attacks, phishing, social engineering, SIM Swap, man-in-middle, overlay, replay, remote access, and more.

My organization has deployed a number of authenticators, an advanced fraud detection system, and an orchestration platform. Do I need AuthenticAction™ on top of all that?

We think you do. The inherited gap between identity and activity, the reliance on authenticating proxies for users rather than the customers themselves, and the built-in trade-off between safety and user experience, provide a great opportunity for improvement. At a minimum you can use AuthenticAction™ to allow your customers to perform high risk transactions online and/or to increase (and even eliminate) the limits on payments such as Zelle, ACH, and wires. For those customers who choose to opt-in, you can provide means to bank securely, limitlessly and effortlessly. That said, AuthenticAction™ can leverage existing investments, integrate with your orchestration and fraud platforms, and work alongside other authenticators and solutions.

Can AuthenticAction™ be a factor in MFA?

Absolutely. It can be a second factor without the extra step. For example a user can login with user/password and then use AuthenticAction™ to initiate a wire (instead of getting an OTP).

Can I implement passwordless experience with AuthenticAction™ ? How would it compare with other solutions?

Yes, AuthenticAction™ can be deployed to provide passwordless experience. When deployed as such AuthenticAction™ can provide unique capabilities that no other passwordless solution can offer today: zero interruptions, passive UX, always in-app (vs out of band), and device agnostic.

How do I get my customers to opt-in to AuthenticAction™ ?

We strongly believe that the best way to achieve high adoption is to create direct value for your customers, even beyond security. AuthenticAction™ is uniquely positioned to provide unrivaled security while elevating the customer experience. With AuthenticAction™ you can remove existing limits (e.g. higher limits on Zelle), eliminate step ups, reduce false declines, and provide an increased sense of security with superior UI/UX.

How does AuthenticAction™ ensure privacy?

We use some pretty neat technology to ensure that no images ever leave the customer’s device, but also ensure that they never need to pre-register a device. No identifiable information is ever passed to the cloud. This allows for privacy and security across any device, anytime, anywhere.

Authentic Actions, Effortless Trust

  • LinkedIn

© 2020 by Obsecure Inc.