Passwordless authentication provider Keyless has partnered with identity proofing and compliance solutions provider Jumio to help financial institutions fight account takeover fraud. The partnership will enable banks to strengthen identity assurance during payment authentication and account recovery, aiming to prevent surging cases of one-time password (OTP) fraud.

Following the increase in digital payments usage, financial institutions are facing difficulties when trying to ensure that a transaction or a payment is authorised by a genuine account holder, and not a bad actor, something the partnership aims to change, as per a Keyless spokesperson’s statement in the press release. Identity verification and how the collaboration falls into place Making use of the latest technologies, Jumio’s identity proofing and eKYC solutions help verify digital identities with high levels of assurance in a quick, accurate, and compliant manner. The Keyless and Jumio partnership is set to ensure that customers are enrolled for biometric authentication, as Keyless is going to leverage the same selfie that was used during the identity verification checks with Jumio, as opposed to reverting to OTPs for authentication, which are known to offer low identity assurance later in the customer lifecycle.

Jumio officials stated that following the partnership, both companies aim to remove barriers between authentication and identity, improve assurance tenfold and make account takeover attacks ineffective for bad actors, so that they can no longer exploit compromised credentials, phone numbers, or other personal information to have account takeover fraud committed. By leveraging the same selfie, banks can confirm with high assurance whether the person authenticating is the same person who had identity verification checks completed initially with Jumio. What is more, to further improve assurance, Keyless carries out device verification checks during each authentication, offering a second factor security challenge that is PSD2-SCA compliant.

Keyless officials added that due to the partnership with Jumio, financial institutions that leverage Keyless are enabled to strengthen identity assurance throughout the entire authentication lifecycle, from payment authorisation to account recovery, without having unnecessary complexity added to the authentication process or having themselves exposed to risk. Banks that use Keyless can achieve strong identity assurance without there being a need to gain informed consent from customers, and without any risk to the customer’s privacy, thanks to the company’s privacy-preserving capabilities, thus being helped with having their compliance posture enhanced with evolving data privacy regulations. Cybersecurity and Keyless product offering In a September 2022 report, Sift detailed a 131% increase in ATO attacks in 2022 across its global network, with compromised credentials making up for most drivers behind said attacks.

Furthermore, a Juniper Research study on online payment fraud highlights that losses caused by online payment fraud are expected to exceed USD 343 billion globally between 2023 and 2027, with an approximate of one third of those losses believed to occur through money transfers and banking. As such, Keyless believes the partnership to be a game changer for financial institutions that are struggling with instances of fraudulent account takeovers and have a need to have their identity assurance strengthened without exposing themselves to compliance risk. Keyless offers privacy-preserving biometric solutions for workforce and consumer authentication, its patented technology leveraging privacy-enhancing technologies (PETs) for biometric authentication and identity management.

In 2021, the company was acquired by Sift and since then the companies have been working together to provide frictionless authentication experiences looking to eliminate ATO fraud, enhance security, and simplify compliance with regulations of the likes of GDPR and PSD2. .