Deciphering Multifactor Authentication: Strategies for Business Online Banking
AbstractBoston, MA, USA January 10, 2007
The majority of banks are not prepared to deliver multifactor authentication solutions to business clients. A strategy is required.
Multifactor authentication (MFA) is the talk of the town. The focus has been primarily on retail banking due to the sheer volume of customers impacted. However, the FFIEC guidance affects not only retail, but all customer segments including small through large businesses.
As we begin 2007, banks have to expedite their decision-making; 75% of them are not ready to provide MFA to their small business clients, and 42% will not be ready to provide it to their large corporate clients. They will eventually come through with solution deployment, although this will be some time later in 2007.
In a new report, , Celent analyzes the hesitation that banks have toward multifactor authentication as well as the decision-making methodology they should be following. Banks must pay careful attention to the customer segments they are defining and focus on future banking and customer requirements when selecting a MFA solution.
A focus on expendability and flexibility is paramount. Banks will most likely and should choose more than one of the MFA options available to them and will want to employ a layered MFA approach. This will allow banks to devise a comprehensive MFA program that can meet a wide variety of needs. MFA choices will vary depending on transactional risk, mix of banking platforms, disturbance threshold, and a bank’s use of a particular technology. The report also presents a case study on Zions Bank, which chose to roll out a solution to serve both its consumer and business segments. Zions was one of the first in the United States to offer a solution to its client base and was well under way with its MFA strategy well before the FFIEC guidance was released.
"The fact is that most banks are presently stuck in the planning and/or decision-making process," says Jacob Jegher, senior analyst in Celent's Banking group and author of the report. "Whether they like it or not, banks have to see past their reluctance and take a strong look at the bigger picture. A single username and ten-year-old password simply don’t cut it anymore. Banks have to accept that the time is now to implement MFA, particularly for wholesale banking clients."
This 29-page report contains eight figures and four tables. A table of contents is available online.
Members of Celent's Wholesale Banking research service can download the report electronically by clicking on the icon to the left. Non-members should contact firstname.lastname@example.org for more information.
Celent is a research and advisory firm dedicated to helping financial institutions formulate comprehensive business and technology strategies. Celent publishes reports identifying trends and best practices in financial services technology and conducts consulting engagements for financial institutions looking to use technology to enhance existing business processes or launch new business strategies. With a team of internationally based analysts, Celent is uniquely positioned to offer strategic advice and market insights on a global basis. Celent is a member of the Oliver Wyman Group, which is a wholly-owned operating unit of Marsh & McLennan Companies [NYSE: MMC].
Tel: +1 212 345 1366
Tel: +44 (0)782 448 3336
Tel.: +81 3 3500 3023
Table of ContentsBoston, MA, USA January 10, 2007
|The State of Multifactor Authentication in Wholesale Banking||6|
|The Hesitancy Toward Multifactor Authentication||9|
|Numerous Factors Hold Banks Back||9|
|Banks Have to see the Bigger Picture||10|
|Starting From the Ground Up||12|
|Banks Have to Take a Step Back||12|
|Understanding Customer Needs and Defining Customer Segments||12|
|The Multifactor Authentication Menu||14|
|Keep it Simple: Focus on Transaction Risk and Disturbance Threshold||14|
|A Menu of Choices||15|
|Determining Business Needs by Segment Size||16|
|Selling the MFA Concept||20|
|Zions Bank: Leading the Pack||21|
|Objectivity and Methodology||28|