Authoriti, based in New York City, has developed a patent-pending solution that enables bank customers to create and send a one-time use PIN to their financial institution for digital transactions, making for a much more secure process and helping to protect businesses and consumers from digital fraud.
Typically in transactions, the financial institution creates a PIN and sends it to its customer, but that can easily be intercepted and exploited by fraudsters. With the Authoriti code, customers give permission to the business – not the other way around. This subtle shift in control removes the root-cause of customer friction, yet still maintains a high level of security. No longer do they have to prove themselves worthy by responding to annoying challenges.
Digital Journal: What are the main security threats to businesses?
Michael Cutlip: Companies face a myriad of distinct security risks – from physical to digital, internal and external. Whether vendor supply lines or the availability of Personally Identifiable Information (PII) on social networks, the greatly increased and growing interconnectivity of all these risk points creates the primary threat for businesses today.
DJ: Are the threats for digital transactions different?
Cutlip: Digital transactions are at risk from a subset of these overall threats. Not so long ago, a store proprietor or bank teller had three main crime risks – robbers, burglars, and fraud – the latter being ‘transactional’ risk. The labels in today’s digital environment may have changed (ransomware, hacking, and identity theft as examples), but the real risk multiplier is the interconnectivity that allows cybercrime elements to act at scale and speed.
DJ: Where do the main threats come from?
Cutlip:If we divide cybercrime into nation-state, organized, and individual, then it is likely the organized crime elements pose the primary threat of transaction fraud.
DJ: How did you come up with the idea for the Authoriti technology?
Cutlip:The idea for Authoriti’s patent-pending Permission Code® platform is the brainchild of Authoriti founder Lou Steinberg. While analyzing the ‘Identity Theft’ fraud problem, Lou looked at the use of One-Time-Pins to authenticate users and questioned why the recipient sent a pin to the user to be returned to the recipient. It is a structure evolved from the legacy challenge-response security model which introduces interception/redirection risk to the single OTP, and hacking risk to the database of live pins.
Lou realized that granting users control to originate OTPs on their own device would not only eliminate the risks noted above, but also allow them to embed transaction details in each pin. Authoriti’s Permission Code smart pins allow recipients to validate not only ‘who’ the user is, but also the ‘what, when, where, and how’ the user is permitting the recipient to act on their behalf.
DJ: How does the Authoriti solution work?
Cutlip:Authoriti is a customer-centered, mobile-first experience which is completely aligned to the digital world. Users simply generate a Permission Code pin on their mobile device to control how their accounts and data may be used. Businesses receiving a Permission Code pin can easily validate the transaction details and immediately execute the transaction with confidence. With Authoriti, customers give permission to the business – not the other way around.
DJ: How are you testing the technology?
Cutlip:Authoriti’s Permission Code technology was thoroughly tested in-house and by independent parties prior to being marketed. The Authoriti service is already in use by New Jersey-based Valley National Bank, and we are preparing to roll out at other leading household name banks.
DJ: What is your roll-out / marketing plan?
Cutlip:Authoriti’s technology is highly flexible, and we have developed a number of use cases applicable across a wide range of industries. Valley Bank is using Authoriti technology to secure customer wire payment transactions. Beyond payments, we have developed use cases around account opening, customer service center interaction (chat and call centers), vendor invoice management, remote cash collection, data sharing and data aggregation services. While initially focused on direct marketing to the North American financial services sector, we are expanding our sales team and are now reaching out to healthcare, insurance, hospitality, transportation, municipalities and more.