Establishing a frictionless layer of trust across every step of the user journey

User identities are at risk.

Digital transformation has been in overdrive in recent years with financial institutions rapidly adapting to consumer behavior changes, which have largely shifted from offline to online transactions. Simultaneously, enterprises continue to accelerate migration to the cloud to manage millions of digital identities across complex environments.

This paradigm shift, coupled with unprecedented growth in digital activity, has brought a corresponding increase in the intensity and regularity of identity theft, fraud, and data breaches on a daily basis. Specifically, account takeover (ATO) fraud, in which bots, phishing, social engineering, credential stuffing, and brute-force attacks are used to infiltrate systems and compromise user accounts, is rising sharply. This has not only resulted in steep remediation costs for businesses but also made available an endless list of breached password credentials, putting digital account security at even greater risk.

To avoid the negative business impact, a solution must differentiate a trusted user from a fraudster and combat all types of fraud while enabling a frictionless experience for customers.

Authentication is the weak link.

Current authentication solutions are both vulnerable to attacks and the main points of friction in consumer onboarding and login flows. A modern approach must solve both usability and security issues, allowing digital-first financial institutions to not only remain competitive with their products but also meet regulatory requirements.

Companies are understandably growth focused, but growth objectives can only be achieved when customers are delighted with the most seamless user experiences. Legacy authentication solutions manage this through a balancing act that compromises security, pushing these organizations to relax account security controls, which promotes continued abuse by bad actors.

Recent breach reports show that one-time passcodes (sent via SMS, email, or generated by authenticator apps) and push notifications sent to a mobile device remain the most susceptible to man-in-the-middle phishing attacks.

Meanwhile, global financial regulations have added cumbersome requirements that have left companies with authentication solutions that frustrate their users, with no end to fraudulent activity in sight.

Only by building an invisible layer of security by design within mobile and web applications can we achieve the desired level of security while augmenting the user journey, from account origination to the transactions that follow.

Keyri merges ease of use & security.

Authentication on mobile devices is ideal due to the availability of biometrics. Web apps, however, still rely on weak passwords and tedious MFA methods.

Keyri leverages QR codes, which have gained ubiquity across the globe and offer an intuitive experience. When used for login, users can easily scan a QR code with their camera app rather than having to type in passwords or inconvenient 6-digit OTP codes.

With Keyri, every login is transformed into a one-step biometrics-based process that creates a seamless UX while strengthening security. Users simply scan a QR code on your webpage with their smartphone and pass biometrics in your mobile app to authenticate into your web app.

Our login approach is powered by asymmetric cryptography, creating a true passwordless experience. Paired with our advanced device intelligence and risk analytics, we are able to offer the most robust phishing-resistant MFA, making it an ideal solution across web and mobile.

How Keyri works.

Our simple user experience is backed by layers of security. Keyri has taken a security-by-design approach to authentication, eliminating shared secrets with our asymmetric cryptographic architecture.

Key pairs are generated at registration, with the private key stored on the user’s phone and the public key stored on your authentication server. When a user passes biometrics, they send end-to-end encrypted requests through the Keyri API to your server for decryption and confirmation that they are who they say they are.

Keyri’s API does not interact with any user information, thus strictly preserving privacy. Furthermore, the public keys that sit on your server are of no use to an attacker without the user’s private key.
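The registration and login flow described above, sketched as a generic challenge-response with Ed25519 signatures in Node.js. This is an added example, not Keyri's SDK, API or wire protocol (the page describes encrypted requests; signatures are swapped in here), and `AuthServer`, `Device` and the `alice` user are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Server: holds only public keys and outstanding single-use challenges.
class AuthServer {
  constructor() {
    this.publicKeys = new Map(); // userId -> public key (PEM)
    this.pending = new Map();    // userId -> challenge awaiting a response
  }
  register(userId, publicKeyPem) { this.publicKeys.set(userId, publicKeyPem); }
  issueChallenge(userId) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(userId, challenge);
    return challenge;
  }
  verify(userId, signature) {
    const challenge = this.pending.get(userId);
    const pem = this.publicKeys.get(userId);
    this.pending.delete(userId); // single use: consumed on every attempt
    if (!challenge || !pem) return false;
    return crypto.verify(null, challenge, crypto.createPublicKey(pem), signature);
  }
}

// Device: the private key is created here and never exported.
// (Assumption: a real app gates respond() behind the OS biometric prompt.)
class Device {
  constructor() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.privateKey = privateKey;
    this.publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  }
  respond(challenge) { return crypto.sign(null, challenge, this.privateKey); }
}

function runDemo() {
  const server = new AuthServer();
  const phone = new Device();
  server.register('alice', phone.publicKeyPem); // constructed sample user
  const sig = phone.respond(server.issueChallenge('alice'));
  const legit = server.verify('alice', sig);
  server.issueChallenge('alice');
  const replayed = server.verify('alice', sig); // old signature, new challenge
  // Someone holding a copy of the server's key store has public keys only.
  const attacker = new Device();
  const forged = server.verify('alice', attacker.respond(server.issueChallenge('alice')));
  return { legit, replayed, forged };
}

console.log(runDemo());
```

The server never stores anything that can produce a valid response, so a copy of its key store does not let anyone log in, and a captured signature fails against the next challenge.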

Our open-source SDKs, pre-built UIs, and multitude of integrations make it easy to get up and running, with implementation taking as little as one day.