Deciphering Multifactor Authentication: Strategies for Business Online Banking
Abstract
The majority of banks are not prepared to deliver multifactor authentication solutions to business clients. A strategy is required.
Multifactor authentication (MFA) is the talk of the town. The focus has been primarily on retail banking due to the sheer volume of customers impacted. However, the FFIEC guidance affects not only retail, but all customer segments including small through large businesses.
As we begin 2007, banks have to expedite their decision-making; 75% of them are not ready to provide MFA to their small business clients, and 42% will not be ready to provide it to their large corporate clients. They will eventually come through with solution deployment, although this will be some time later in 2007.
In a new report, , Celent analyzes the hesitation that banks have toward multifactor authentication as well as the decision-making methodology they should be following. Banks must pay careful attention to the customer segments they are defining and focus on future banking and customer requirements when selecting a MFA solution.
A focus on expendability and flexibility is paramount. Banks will most likely and should choose more than one of the MFA options available to them and will want to employ a layered MFA approach. This will allow banks to devise a comprehensive MFA program that can meet a wide variety of needs. MFA choices will vary depending on transactional risk, mix of banking platforms, disturbance threshold, and a bank’s use of a particular technology. The report also presents a case study on Zions Bank, which chose to roll out a solution to serve both its consumer and business segments. Zions was one of the first in the United States to offer a solution to its client base and was well under way with its MFA strategy well before the FFIEC guidance was released.
"The fact is that most banks are presently stuck in the planning and/or decision-making process," says Jacob Jegher, senior analyst in Celent's Banking group and author of the report. "Whether they like it or not, banks have to see past their reluctance and take a strong look at the bigger picture. A single username and ten-year-old password simply don’t cut it anymore. Banks have to accept that the time is now to implement MFA, particularly for wholesale banking clients."
This 29-page report contains eight figures and four tables. A table of contents is available online.
Members of Celent's Wholesale Banking research service can download the report electronically by clicking on the icon to the left. Non-members should contact info@celent.com for more information.