BLOG - The Term "Smart PIN" Is an Understatement

Think you know what’s packed into a Smart PIN? Authoriti makes you think again.

by Rick Dill, Authoriti

As many of you know, I have been immersed in the FinTech/Mobile/Security world for years, and have seen it all. I’ve had a front-row seat to some of the most hyped and revolutionary developments.

When I first came across Authoriti and met with the executive team, I thought to myself: PIN technology … what’s the big deal?

Man, was I wrong. The big deal is what’s crammed inside, who does the cramming, and what can be achieved because of it. It’s the reason I came on board with the company.

How Did We Get Here?

The Personal Identification Number originated with the introduction of the ATM in 1967, as an efficient way for banks to dispense cash to their customers. The system we’re all accustomed to, with a plastic card featuring an information-encoding magnetic stripe, came along a few years later. This breakthrough allowed banks to replace traditional customer verification methods such as signature verification and test questions.

PINs, of course, aren’t supposed to be stored anywhere. They are typically validated on the fly by a couple of different validation systems. Remarkably, the whole process remains largely unchanged to this day. It includes an encoded card reader and a system that utilizes encryption techniques to assure security while information is transmitted to a remote location for verification.

So, what's not to like? Well, despite the name, a PIN does not really personally identify the user. It merely unlocks the associated account.

There are so many preconceived notions of what constitutes a PIN that when we describe Authoriti’s Permission Code® technology as a Smart PIN, some people automatically assume it's what they're used to: little more than a key to authenticate access to a given account.

Fraud-Proof Transactions

However, Authoriti Smart PINs provide much more than just identity authentication. They provide fraud-proof transaction "authorization." That is, Smart PINs know “what” you want to do, not just “who” you are.

Imagine a PIN that’s smart enough to permit you (or anyone you designate) to access an account, for a specific reason, at this specific time, in this specific location. That's it. No one can transact on your account unless you deliberately authorize them to do so, under the set of parameters that you define.

Oh, did I mention – Smart PINs are generated and controlled by the end user, the individual who owns the account or the data. This is what makes Authoriti such a game-changer. We completely flip the model.

For example, the customer doesn’t receive a simple challenge PIN from the business (the bank, the call center, etc.). Rather, the customer can easily generate a Smart PIN on his or her phone that authorizes the enterprise to execute the specific action that the customer desires. Authentication is just the starting point.

Even if a man-in-the-middle were to intercept a Smart PIN, it could only validate the transaction for which it was originally intended. The parameters can’t be tampered with. Not what today’s digital fraudsters have in mind. At this point, we hear “Oh, there’s a lot more here than I thought.”

Improving Wire Confirmations

Let’s look at a quick example to see how wiring money becomes fraud-proof using the Authoriti Permission Code Smart PIN. Today, before executing a high-risk transaction, banks typically challenge customers to prove their identity, again. They commonly use simple challenge PINs (“We’re sending you a PIN to send back to us...”) and delayed “call-backs” that are used to confirm wire instructions above a certain amount or to a new beneficiary.

The confirmation call is a nuisance to the customer and, further, given the information now available through social media and adept phishing attacks, it’s easy for criminals to imitate the customer and reroute the money. Frankly, the bank is never 100% sure if the authentication is genuine. Similarly, Dumb PINs sent to the customer can be intercepted and repurposed to approve the fraudulent payment.

In summary, identities are being misused.

With Authoriti, the solution is simple. Customers submit a Permission Code PIN with their transaction request. The Smart PIN details transaction terms to prevent it from being misused, and guarantees that the wire transfer originates with and is authorized by the customer and none other.

The FinTech industry spends billions and billions to combat fraud, but they are doomed to lose the battle because they are still playing by the old rules. It’s time to stop challenging customers. The friction is not only unnecessary, it still hasn’t stopped fraud.

The Authoriti Permission Code is the new model. It's the real deal. We let the customer tell the business what to do in an easy way that’s fraud-proof. I expected to respect the technology, but I'm truly excited about, and committed to, the Smart PIN and its impact.

In the past, co-workers have called me relentless. Just wait and see. I’m all-in with Authoriti.

Rick Dill is Account Executive with the Authoriti Network.