(PRWEB) June 28, 2008
On April 7, 2008, The Credit Union Journal, the nation's leading newsweekly serving credit unions, published the results of a study of multi-factor authentication solutions implemented at U.S. credit unions. The study graded different multi-factor authentication solutions in terms of their supportability and their overall acceptance by users. The study examined three questions:
- What type of multi-factor authentication (MFA) approach did your organization implement?
- How did your MFA choice affect your on-going support requirements/costs?
- How did your MFA choice affect your online customer activity?
Credit unions that implemented software certificates or software toolbar authentication methods experienced the greatest increase in support costs and the greatest decrease in online member activity. This was followed closely by challenge/response and secret image solutions.
Credit unions that implemented PhishCops® virtual tokens experienced the smallest increase in support costs (less than 1%), and it was the only method with no reported decrease in online member activity. The next best solution was geo-location solutions, with a reported 11.65% increase in support costs and 11.67% decrease in online activity.
Challenge/response and secret image solutions were the most widely deployed solution, however, credit unions that deployed challenge/response solutions reported an average increase in support costs of 18.30% and a corresponding average decrease in online member activity of 16.77%.
AVERAGE REPORTED INCREASE IN SUPPORT COSTS:
25.65% Software Certificates
21.00% Software Toolbars
18.30% Challenge/Response & Secret Images
15.85% Hardware Tokens
00.85% Virtual Tokens (PhishCops®)
AVERAGE REPORTED DECREASE IN USER ACTIVITY (USER LOSS):
27.00% Software Toolbars
21.88% Software Certificates
16.77% Challenge/Response & Secret Images
16.25% Hardware Tokens
00.00% Virtual Tokens (PhishCops®)
HOW THE STUDY WAS CONDUCTED:
Credit Unions were invited to participate in the survey via an invitation facilitated by the Credit Union Journal. Respondents were asked three multiple-choice questions and selected their answers from a list of possible responses in the format 1% to 5%, 6% to 10%, etc. For example, in answer to the question, "How did your MFA choice affect your on-going support requirements/costs?", respondents selected an answer from the following list: "0%", "1% to 5%", "6% to 10%", "11% to 15%", "16% to 20%", "21% to 25%", and "Over 25%". Ad-hoc or explanatory responses were not permitted.
Responses were correlated for each type of authentication and an average score for each type of authentication was then calculated to within two decimal places using a numeric scoring system. Scores ranged from 0.00 to 6.00. 0.00 represented no increase in support costs/no reduction in online member activity and 6.00 represented the greatest increase in support costs/the greatest reduction in online member activity. Scores were calculated separately for support costs and activity loss. From these scores, an average percentage was derived for each type of authentication.
When asked for a comment on the study, Sestus Data CEO Taun Willis offered the following, "Our customers kept telling us how much easier our PhishCops® product was to support and how much better it was being received by their users than their previous solution, but there seemed to be no research on the subject for us to use in actual comparison. So we contacted the Credit Union Journal and asked them if they would be interested in sponsoring this study. They agreed and we are naturally extremely pleased with the findings. The findings prove what we have been hearing from our customers, that our PhishCops® product is significantly more popular with users than all other forms of multi-factor authentication."
The study may be downloaded from the Credit Union Journal or from Sestus Data Company here.