Multi-Factor Authentication

Multi-factor authentication (MFA) protects your banking credentials from unauthorised access. It is a critical security measure that banks use. The main purpose of introducing it was to combat the rising threats of cybercrime and identity theft post digitalisation.  

It was implemented for both online and mobile banking platforms, where users log in to their accounts. This layer of security ensures that even if a hacker gains access to a password, they still cannot access the account without the additional authentication factor. Multi-factor authentication safeguards your data and provides peace of mind.  

What is Multi-Factor Authentication (MFA)? 

Multi-factor authentication (MFA) is a security measure that requires users to provide more than one form of verification before accessing their accounts. Unlike traditional single-factor authentication, which relies solely on a password, MFA typically includes a combination of different verification systems.  

Types of multi-factor authentication 

There are three categories of authentication factors: 

Knowledge factor (something you know): 

This revolves around answering a personal security question. Passwords, PINs (personal identification numbers) and OTPs (one-time passwords) are some of the most common knowledge factor technologies.   

Possession factor (something you have) 

For this, users need to have something in their possession in order to log in. It could be a badge, token, key or phone subscriber identity module (SIM) card. In mobile authentication, the most common possession factor is a smartphone, which users use to receive a code via a text message, phone call or an OTP (one-time password) app. This code is then used to verify the user's identity and allow access to the system. 

Inherence factor (something you are) 

This consists of the biological characteristics of a user, which is used to verify the user at the time of login. Below is a list of some of the common biometric verification techniques: 

• Fingerprint scan 
• Facial recognition 
• Voice recognition 

Advantages of MFA 

• Strengthens account security by requiring you to enter more than just a password to gain access. 
• Protects against common attacks, such as phishing, keylogging and credential stuffing.
• Helps banks meet the regulatory requirements that are to protect sensitive data. 
• Acts as an early warning system to take immediate action in case your account is targeted. 

Limitations of MFA 

• It may be inconvenient for some users as it adds additional steps to the login process. 
• Users can face difficulty if there are connectivity issues.  
• If MFA fails and the backup methods aren't so secure, the accounts can become vulnerable to cyber-attacks. 
• There is a high dependency on devices. Authentication will fail in case the device is lost.  

Reserve Bank of India (RBI) on MFA 

The Reserve Bank of India (RBI) is increasing its focus on enhancing digital payment security by implementing multi-factor authentication (MFA). Recently, it has been working towards introducing a principle-based framework that will emphasise the use of dynamic and non-replicable authentication factors.  

It includes one-time passwords (OTPs), mobile device binding and biometric verification, to protect electronic payments and fund transfers. This new approach is designed after seeing the rising popularity of digital payments. 

The framework suggests the incorporation of an Additional Factor of Authentication (AFA) to verify the identity of the user when making payments online.  

Endnote 

For added security, you should always set up backup authentication methods. This will help you regain access when your primary device is lost. For that, you can use recovery codes or an alternative contact number. Furthermore, keep your passwords or biometric locks and contact information linked to accounts regularly updated. These practices can help you balance security and accessibility, preventing lockouts while protecting your accounts.