The traditional way of authentication is changing
Dan Dica, Regional Director, Pacific, India and Japan, Vasco, shares his thoughts with Jasmine Desai on security risks, rising cyber frauds and malicious activities in the Indian market and explains the company’s technologies in the security space. Excerpts…
Do you think 2FA is dead?
Authentication is a growing market. User name and password are dead. They should be banned either by regulators or by common sense. You cannot put your credit card credentials or other personal information behind just a user name and password. The traditional way of authentication is changing, but user authentication is definitely not dead. The more we go online and the more online transactions there are, the stronger user authentication is going to become.
What are your thoughts on the authentication-based security product market in India and how is Vasco placing itself among other security vendors?
Vasco started business in Europe some 20 years ago, mainly focusing on banking transaction security. The market in India is no different from the global market from our perspective. As in global markets, the number and size of financial transactions are growing enormously, but there are no RBI (Reserve Bank of India) regulations or mandates asking banks to have strong authentication-based security. As a result, most banks here deploy a very basic authentication-based security mechanism. Given this situation, 2FA (two-factor authentication) today has been misinterpreted by many banks. 2FA is something you have and something you know, but banks sometimes ask for two passwords.
From a regulation point of view, there are very advanced markets like the European markets wherein the third level of authentication is making inroads, while some other markets are in the second stage. In India, they adopt very basic authentication, which doesn’t solve the problems. At this pace, India can face very aggressive cyber attacks. By 2016, all customers, according to me, should have some form of token like Digipass for login purposes.
Given that India’s demography is very diverse, the advantage would be that we bring experience not only from various markets like Europe or America but also from Bhutan, Sri Lanka, Qatar, and Brazil. With all this experience, we bring expertise and security solutions to India that can be mixed and matched to cater to different demographics. We have built and created over 60 different Digipasses, because every market is different, with a different set of regulations.
What are your views on enterprises accepting BYOD and any suggestions you would like to share?
We have partnered with Intel, wherein Digipass technology has been embedded in the Intel chipset. Every laptop with an Intel chipset becomes a token. Instead of carrying a token, a laptop has become a token in itself. With the latest Intel chipset, via the Digipass platform you can bind your device with Intel and do your authentication via Digipass in the cloud. MyDigipass validates credentials and does authentication in the cloud. There are various solutions here, like Digipass for Windows for web browser security, and others.
India is moving toward cloud-based application adoption, and one has to ensure that only the right intended user gets access, as it’s a very important factor from an application security standpoint. And this makes organizations look forward to two-factor authentication even more. Every consumer and customer using the internet should have a Digipass token. When I say a Digipass, it can come in many forms, like 2FA or even 3FA. RBI has mandated EMV (Europay, Mastercard & Visa) solutions and thus, most credit cards will have a chip inside and we will be having our technology there.
Can analytics be used for risk management?
As an offering, we have two back-end systems. One is an authentication server and the other is an authentication engine. All our authentication comes with a back-end report. The back-end server is capable of providing analytics on who logged in when, on what device, what type of Digipass they have, what time they logged in, etc. Though we are not into fraud detection, we are the ones who safeguard the gates. So we have the knowledge of who came in, what the device was and how they came in. So if ever there is a breach, our information can be referred to as a starting point. We do consult organizations in terms of 2FA.