RISK-BASED APPROACH TO DEPLOYMENT OF OMNICHANNEL BIOMETRICS IN SBERBANK

Transcription

1 SESSION ID: IDY-W02 RISK-BASED APPROACH TO DEPLOYMENT OF OMNICHANNEL BIOMETRICS IN SBERBANK Anton Mitrofanov Authen:ca:on PlaBorm Chief Product Owner Sberbank Leyla Goncharenko Risk-based authen:ca:on Product Owner Sberbank

2 Biometrics as a FinTech Trend Juniper, TOP 10 DISRUPTIVE TECHNOLOGIES IN FINTECH,

3 Biometrics as a FinTech Trend 3

4 Biometrics as a FinTech Trend 4

5 Biometrics as a FinTech Trend 5

6 Biometrics as a FinTech Trend Banks turn into digital plaborms Digital UX requires seamless and fast security biometrics? Biometrics is already trendy among mobile devices (FaceID, TouchID) Banks experimen:ng with different types of biometrics depending on the environment (Branch, Call Center, Mobile Apps, ATM) Biometrics becomes a part of government regula:ons and complience 6

7 Biometrics is a silver bullet..? No need to take the IDs - Biometrics is always with you Biometrics aligns the Customer experience among the service channels: ATM Branch Mobile Apps Call Center Ge\ng the costs down for the branches and call center 7

8 .. Or a challenge? What the Banks face when implemen:ng biometrics are: Privacy concerns Liveness issues Recogni:on accuracy Enrollment is not equally secure Complicated rules and trust matrix are implemented to reduce the risks 8

9 Biometrics limita:ons Recogni:on accuracy? P = 0,999 P = 0,0001 Probability of false accept for biometrics is always above zero Accuracy in large volumes? Is it alive? Biometrics based mostly on image processing. How could we assure that it is live person? How to re-issue your biometrics? If your biometrics was stolen - how could we trust you? 17 9

10 Biometrics technologies security Framework Override or modify data 6 Data storage Modify biometrics reference 7 Signal Data capture Comparison Decision processing Presenta:on alack Modify sample Override signal Modify probe Override comparator Modify score Override decision From ISO/IEC , inspired by figure by Nalini Ratha from 2001 and Standing Document 11 of ISO/IEC JTC1 SC

11 Biometrics technologies security Alacks examples Biometrics scanners Spoofing Biometrics search engine Morphing Enrollment process Profile stealing Profile 1 Profile 2 Profile 3 Profile 4 Presenta:on alack Override comparator Modify biometrics reference 19 11

12 Biometrics liveness detec:on Interac:ve liveness Random user ac:ons «3D» models based on movements Environmental liveness Recogni:on of displays signatures Recogni:on of paper and phone/ tablet forms 28 Scanner-based liveness 3D models based on depth surface, temperature and pulse analysis IR images

13 Authen:ca:on factors across the channels 13

14 Lessons Learned Voice and face biometrics are easier to integrate and common for Customers. Behavioral biometrics is an addi:onal invisible layer of protec:on. Fingerprints and palm veins good for physical access and trade acquiring. Presenta:on alack detec:on is s:ll a challenge: we see poten:al in mul:modal liveness detec:on (e.g. face+voice or face+behavior). Server-side processing provides omnichannel approach, but s:ll you need to es:mate the risks. On-device processing is s:ll on our radar as the privacy concerns and regula:ons may change the world quickly 14

15 RISK-BASED AUTHENTICATION AS UNIVERSAL SOLUTION

16 Risk-based authen:ca:on Basic workflow? Score ac:on s risk level Select available auth factors Define necessary and sufficient challenge 4 Authen:cate by selected factors Risk score User behavior profile for anomaly detec:on Define available auth factors Check IT-environment for scanners availability Select appropriate combina:ons Define challenge based on risk score Factor i weight F i Risk score R Challenge: Sum (F i ) R = 0 Challenge user by selected factors Confirm users iden:ty 21 16

17 Measuring risks AuthenRcaRon data model AuthenRcaRon measurement models Behavior profile Environment data End-point device fingerprint Ac:on data Anomaly behavior Change in environment End-point device fingerprin:ng Ac:on risk scoring Rule-engine decision maker Set thresholds for interpre:ng measurement results Rules for combining results of measurements Rules for including external data and models results Decision making conveyer 22

18 How to measure auth alempt? Supervised learning Unsupervised learning Rule engine Based on appeals from customers or IDS/Fraud incidents detec:on User behavior profile for anomaly detec:on Set of rules, describing: know alacks/frauds interpreta:on of outputs from models 23 18

19 Authen:ca:on measurement models User behavior scoring looks at previously aggregated sta:s:cs of typical user ac:ons Environment scoring based on geoloca:on, network provider, IP End-point device scoring takes into account device alributes (model, S/N, hardware etc) Rule-engine as mandatory component of decision making for risk-based approach our approach to use rules for interpre:ng scores from models Behavior model Environment score End-point score Factors weight Overall score 24

20 Rule-engine for risk-based models Rule-engine is mandatory component of decision making for risk-based approach Rule-engine used for: Interpre:ng models scoring Defining known alack/fraud cases Selec:ng available and allowable authen:ca:on factor Composing final decision 25

21 How to measure auth factor s trust? Frequency of usage by user how usual this factor is for this user? «Resistance» to compromising (based on experience) set by security experts based on best world prac:ces and experience Channel type how secure is channel of registra:on? Alack sta:s:cs how much security incidents with this type of factors? 26 21

22 How to measure biometrics template s trust? Biometrics template enrollment channel Step-up bio template confirma:on VS? VS? Step-up template confirma:on process Biometrics enrollment sample quality Liveness detector score Enrollment environment risk score 27 22

23 Risk-based transac:on verifica:on Decline No 1 Financial transac:on scoring 2 Is transac:on good? Not sure 3 Confirma:on of payment 4 Models adjustment Transac:on risk score Authen:ca:on risk score User environment, etc. Allow Yes Transac:on risk score Authen:ca:on risk score User environment, etc. What factors available in this channel? What factors are available for user? Supposed fraud case restricts sufficient auth factors What factors set are sufficient to ensure trust? Adjus:ng transac:on and authen:ca:on measurement models according to confirma:on result 29

24 RBA: Typical transac:on RBA checks the pre-requisites Login+pass Device fingerprint Geoloca:on, IPaddress, etc. Behaviour palern Transac:on metadata Metadata from the other systems Current operaron pazern: Legi:mate user makes a typical transac:on in a banking mobile app Entered correctly from the first try Known device with a good background info Typical geoloca:on and IP-address Typical behavioral palern Typical transac:on User Risk: low TransacRon risk: low AcRon: allow transac:on Result: transac:on allowed with no addi:onal ac:ons from a user No red-flags from the other systems, e.g. SIM-card never switched, mobile number never changed, no SIEM alerts, etc. 30

25 RBA: Step-Up and De-escala:on RBA checks the pre-requisites Login+pass Device fingerprint Geoloca:on, IPaddress, etc. Behaviour palern Transac:on metadata Metadata from the other systems Current operaron pazern: Legi:mate user makes purchase abroad Entered correctly from the first try Known device with a good background info Non-Typical geoloca:on and IP-address Typical behavioral palern New transac:on type, but no fraud-signs detected No red-flags from the other systems, e.g. SIM-card never switched, mobile number never changed, no SIEM alerts, etc. User Risk: low or medium TransacRon risk: medium AcRon: allow transac:on or request step-up using addi:onal factor Result: transac:on allowed aver two-factor authen:ca:on 31

26 RBA: Fraud Preven:on RBA checks the pre-requisites Login+pass Device fingerprint Geoloca:on, IPaddress, etc. Behaviour palern Transac:on metadata Metadata from the other systems Current operaron pazern: Fraudster alempts to make non-legal transac:on Entered correctly from the first try New device, no background or red-flags. Non-typical geoloca:on and IP-address Non-typical behavior Risky transac:on and/or fraud signs Red alerts from the other systems: e.g. new mobile number was added recently User Risk: high TransacRon risk: high AcRon: request step-up using addi:onal factor Result: transac:on denied because of authen:ca:on failure 32

27 Unified authen:ca:on plaborm concept Bank s systems Channels ACS Partners Universal id Authen:ca:on plaborm s API Key principles Ac:on s risk measurement Dynamic challenge selec:on Mul:factor authen:ca:on Mul:modal biometrics Basic authen:ca:on subsystem Analy:cs and decision subsystem Biometrics management subsystem pwd otp token face voice palm External models and data sources Biometrics role Addi:onal trust factor for ID One of the many authen:ca:on factors Comfortable tool for end-users 33 27

28 Next steps for applica:on Iden:fy and categorize all the authen:ca:on op:ons used Iden:fy all channels, where authen:ca:on is needed Create matrix of applicability for channels and auth factor Set weight s for auth factors in each channel Biometric tuning is a must Integrate biometrics with IAM and fraud-monitoring solu:ons 28

29 THANKS! QUESTIONS? Anton Mitrofanov Leyla Goncharenko