Banking on the cloud: The ABC of RBA

Last updated: 07 February 2023

If you work in financial services, or indeed technology, then you’ll be no stranger to an acronym or two…or ten. They seem to be impossible to avoid regardless of topic, and it’s all too easy for your audience to lose track of what you’re talking about.

Lately on this blog, we’ve been talking about RBA, which for an ornithologist may mean rare bird alert, but in the world of digital banking it stands for Risk Based Authentication. In my last blog I already described why RBA is vital for financial institutions. In this post we will instead focus on some of the acronyms you need to be aware of when digging deeper into this topic.

So, let’s get started…

RBA – Risk Based Authentication is a dynamic authentication system which takes into account the environment (IP address, device, time of access) and the behaviour of the person requesting access to determine the risk level for that transaction. This way you can adapt your authentication strategy to the level of risk, reducing recurring customer friction while also cutting account takeover.

ATO – Account Takeover is an attack where fraudsters use stolen credentials to take control of a user account. Credentials are typically gained from social engineering, data breaches and phishing attacks, and then sold on the dark web. Risk management and behavioural biometrics are used to differentiate between legitimate and fraudulent users to stop account takeover attacks.

FIDO – Fast ID Online is an authentication standard for fast and secure password-less authentication. Thales believes in open standards and has been a supporter and FIDO board member for a long time. The arrival of FIDO2 and native support for FIDO authentication across browsers and platforms will enable a fundamental shift to phishing-resistant authentication, bringing security and UX to new, higher standards.

MFA / 2FA – Multi-factor Authentication/Two-factor Authentication are used when a security technology requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction.

OTP – One Time Password is a password that is valid for only one login session or transaction. If OTPs are sent to the end user via mail or SMS, they may be intercepted by a fraudster, which makes them less secure. If they are generated on a dedicated hardware device the security is higher, but it adds additional friction.

PSD2 – Revised Payment Services Directive is an EU directive that regulates payment services and payment service providers throughout the EU. The goal is to make payments more secure and protect consumers, for instance with the requirement of strong customer authentication.

SCA – Strong Customer Authentication is a requirement of the EU’s Revised Directive on Payment Services (PSD2) and provides evidence of a user’s identity for a known customer with multi-factor authentication (MFA). It is the combination of at least 2 of the following: something I have, something I know and something I am.

RBA in an infographic

UX / CX – User Experience / Customer Experience is becoming more and more important when it comes to attracting new customers and keeping the ones you have. With RBA you can improve UX a lot, since risk management technologies can recognise returning customers, and when the risk is low PSD2 allows an SCA exemption, for a totally frictionless authentication experience.
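To make the RBA definition above and the SCA exemption concrete, here is an added example (not code from the original post or from Thales): a toy decision engine that scores a login from the environment signals the post lists (IP address, device, time of access) and a transaction amount, then chooses between a frictionless allow, an OTP step-up and a phishing-resistant FIDO step-up. The user profiles, weights, thresholds and the €30 low-value figure are all assumed for illustration.

```python
# Added example (not from the original post): a toy RBA decision engine that
# scores a login from environment signals and picks an authentication step.
from dataclasses import dataclass

@dataclass
class LoginContext:
    user: str
    ip: str
    device_id: str
    hour: int                # local hour of day, 0-23
    amount_eur: float = 0.0  # 0 for a plain login, otherwise the payment amount

# Constructed per-user profiles; a real deployment would build these from history.
KNOWN_PROFILES = {
    "alice": {"ips": {"203.0.113.10"}, "devices": {"dev-a1"}, "hours": range(7, 23)},
}

# Weights and thresholds are assumed for illustration, not taken from any product.
WEIGHT_NEW_DEVICE, WEIGHT_NEW_IP, WEIGHT_ODD_HOUR, WEIGHT_HIGH_VALUE = 40, 30, 15, 15
LOW_VALUE_EUR = 30.0        # below this a low-value SCA exemption may apply (assumed)
EXEMPT_BELOW, FIDO_FROM = 30, 70

def risk_score(ctx: LoginContext) -> int:
    """Sum the signals that deviate from the user's known environment (0-100)."""
    profile = KNOWN_PROFILES.get(ctx.user)
    if profile is None:
        return 100                      # no history at all: maximum risk
    score = 0
    if ctx.device_id not in profile["devices"]:
        score += WEIGHT_NEW_DEVICE
    if ctx.ip not in profile["ips"]:
        score += WEIGHT_NEW_IP
    if ctx.hour not in profile["hours"]:
        score += WEIGHT_ODD_HOUR
    if ctx.amount_eur > LOW_VALUE_EUR:
        score += WEIGHT_HIGH_VALUE
    return min(score, 100)

def decide(ctx: LoginContext) -> str:
    """Map the score to an outcome: SCA exemption, OTP step-up or FIDO step-up."""
    score = risk_score(ctx)
    if score < EXEMPT_BELOW:
        return "allow"          # returning customer, low risk: SCA exemption
    if score < FIDO_FROM:
        return "step_up:otp"    # moderate risk: add a second factor
    return "step_up:fido"       # high risk: require a phishing-resistant factor

if __name__ == "__main__":
    print(decide(LoginContext("alice", "203.0.113.10", "dev-a1", 10)))        # allow
    print(decide(LoginContext("alice", "198.51.100.7", "dev-zz", 3, 250.0)))  # step_up:fido
```

In production the weights would be tuned against observed fraud rates, and every decision (score, signals, chosen step) should be logged so that false step-ups and missed takeovers can be reviewed.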

This list is just the tip of the iceberg. Which useful acronyms in the world of RBA do you think I missed? Let me know with a comment below.
