en_DS_Enhance-Authentication

Enhance Authentication with Zero
User Friction
With the world spending more and more time online, and more potent cyberattacks out there than
ever before, traditional username/password combos are no longer an adequate way to protect
your customers. Organizations need sophisticated, yet user-friendly verification strategies to
protect against unauthorized logins and data breaches. The solution you have in place should be
able to adapt to the ever-changing fraud threat landscape, but not be so stringent that your
customers become inconvenienced or even frustrated by it.
What if you could have the best of both worlds: strong protection against cyber threats, and zero
end-user friction? Now you can: with the latest in user authentication, you can stop hackers with a
technology so transparent that your customers won't even know it's there.
w w w . e a s y s o l . n e t

Device Identification: Authentication with Zero User Friction
1
An explosion in the number of devices popping up in homes and businesses — including desktop computers, laptops, mobile phones,
tablets, smart TVs, and IOT devices — has left enterprises scrambling to properly control access to their resources. The fact that username
and password combinations cannot be counted on as a layer of protection anymore only makes security an even more complex
undertaking. This is compelling enterprises to look at adding layers of authentication when sensitive data is retrieved, without
compromising ease of use.
Device identification technologies have been around for a long time, usually as one of the main layers that enterprises have implemented
to secure access while maintaining overall convenience. But many legacy device identification solutions were not built for the influx of new
devices, nor are they ready for the natural drift caused by the updates, new apps or and even new fonts that are added to the devices over
time.
Easy Solutions provides browser identification using a unique heuristic-matching technology that takes expected changes into account to
minimize unnecessary challenges or step-up authentication launches. It minimizes collision rates, maximizes accuracy over time, and is
able to provide for better identification of known devices while reducing false positives for unfamiliar ones.
Don't block your real customers – identify genuine changes to their devices while detecting new devices which may be fraudulent.
5
w w w . e a s y s o l . n e t 2

How Device Identification Works
2
Laptop, desktop and wireless devices are constantly changing. Plugins may be added or deleted, and users change the font size or type,
adjust screen brightness, clear cookies/cache to free up space, or update the operating system. This could cause device identification
issues, as a device's specifications will not be exactly the same the next time that a user attempts to log into their account. But our device
authentication algorithm adapts to these normal changes and maintains the ability to identify a device with precision after those changes
occur, while still effectively detecting the changes that indicate the presence of a new device.
When the end user connects to an online business's website, a piece of JavaScript that has been inserted into the login pages collects
numerous characteristics on the device and browser. The collected data is passed from the backend servers which then analyze the
information and perform device identification – even if the end user is attempting a login while in 'incognito' or private browsing mode.
The first step in analysis of the data is to create a hashed device ID and check if it matches previous device IDs used by the accountholder. If
so, we can make a quick decision that the device has been identified. This is just for speed though, and the solution doesn't stop there
(which has been the case in older solutions). If a match is not found, we then perform a full analysis of the context data to determine if it is
the same device, but with system changes made on it by the user.
The solution also analyzes 10 critical variables that provide a good comparison of the current device fingerprint to previous fingerprints in
the database. For each of those variables, there is a unique comparison logic. For example, the way canvas elements change and browser
fonts change are analyzed in very different ways. Each variable has a predetermined weight, or value, based on the probability that the
variable will change. So if a change is detected on a variable with a high probability of changing, that change (no matter how big it is) will be
considered low-weight, and will barely lower the total similarity percentage. This weighting is done in addition to the configurable
weighting that we allow our clients to configure. The critical device variables are as follows:
· Fonts
· Plugins
· Canvas
· Operating system
· User agent
· MIME types
· Style colors
· Screen dimension
· Navigator language
· Browser name
w w w . e a s y s o l . n e t 3

How Device Identification Works
2
These variables are all given a default weighting. The default values are based on our extensive testing and are the values with which we
were able to achieve the lowest false-positive rate.
The precise nature of our solution is reinforced with the following features:
· Cookieless – Clearing cookies won't affect the identification of devices and will make the process more secure by not being subject
to possible cookie theft.
· Heuristic Approach – Device identification works by comparing a user's current device to the device's fingerprint stored in
the database.
· Low Collision Rates – The chances of a device being confused for a similar one, a phenomenon known as collision, is extremely low.
· End User Whitelist – Once authenticated, the end user can choose to add the new device to a whitelist of registered devices, or
omit a device should it be public or insecure; for example, when on hotel lobby or internet café computers, or over unsecured Wi-Fi
networks.
Not only is our device identification effective at distinguishing registered user devices from first-time visitors (and potentially malicious
devices) via web browsers; the solution also has a version that specifically caters to mobile apps. Software Development Kits (SDKs) can be
embedded into an online business's native mobile application to dispense the same level of frictionless device authentication when users
log in over the mobile app as they would when doing so over a web browser.
The tolerance of the matching engine can be configured, allowing it to act more stringently or flexibly regarding what is considered to be a
device match. This allows you to tune the system according to your environment, ensuring that the appropriate level of acceptable degrees
of change in the device is precisely measured.
Multiple Dynamic Device Identification – Identify all of a user's devices, including those that are being updated
or used in private browsing mode.
w w w . e a s y s o l . n e t 4

Device Identification: Quick and Painless Integration
3
In addition, the importance and weighting of each group of variables can be configured. Such values are preconfigured based on our own
research to give an out-of-the-box readiness which works for a global setup and device range, but this can be fine-tuned depending on
your environment and specific needs.
This dynamic, adjustable approach to device-based user authentication provides your organization's IT department with the freedom to
strike a new kind of balance – between rigid access only given to exact matches or a more a malleable access standard. Be too flexible, and
potentially harmful access may be granted; but be too stringent and legitimate users may be forced to re-register their device almost every
time they make a login attempt, leading to a kind of customer attrition not unlike other kinds of legacy user authentication.
It is important to keep in mind that the biggest advantage device identification has over other types of authentication factors is its ability to
be highly secure and yet nearly invisible to the end user. A pleasant user experience is just as important as the level of security, maybe even
more so. A happy customer is a long-term customer, but a frustrated customer is one that is considering switching to a competitor.
w w w . e a s y s o l . n e t 5

About Easy Solutions
Easy Solutions® is a security vendor focused on the comprehensive detection and prevention of electronic fraud across all devices,
channels and clouds. Our products range from digital threat protection and secure browsing to multi-factor authentication and transaction
anomaly detection, offering a one-stop shop for end-to-end fraud protection. The online activities of over 100 million customers at 385
leading financial services companies, security firms, retailers, airlines and other entities in the US and abroad are protected by the Easy
Solutions Total Fraud Protection® platform.
Easy Solutions is a proud member of key security and banking organizations, such as the APWG (Anti-Phishing Working Group), and FIDO
(Fast IDentity Online), and its Digital Threat Protection suite is endorsed by the American Bankers Association (ABA).
For more information, please visit
http://www.easysol.net or follow us on Twitter:
@goeasysol
w w w . e a s y s o l . n e t s a l e s @ e a s y s o l . n e t
w w w . e a s y s o l . n e t 10