AVONDALE, Ariz. - A new study sheds light on the costs and challenges being felt by credit unions as they administer and support multi-factor authentication (MFA) and other authentication products and services.
The study, conducted by Sestus Data Co. and co-sponsored by Credit Union Journal, examined three questions:
* What type of multi-factor authentication (MFA) approach did your organization implement?
* How did your MFA choice affect your on-going support requirements/costs?
* How did your MFA choice affect your online customer activity?
Some 121 credit unions responded to the study, and shared these insights:
* Credit unions that implemented software certificates or software toolbar authentication methods experienced the greatest increase in support costs and the greatest decrease in online member activity. This was followed closely by challenge/response and secret image approaches.
* Credit unions that implemented virtual tokens (i.e. PhishCops) experienced the smallest increase in support costs (less than 1%), and it was the only method that reported no decrease in online member activity. The next best solution was geo-location solutions, with a reported 11.65% increase in support costs and 11.67% decrease in online activity.
* Challenge/response and secret image solutions were the most widely deployed method. However, credit unions that deployed challenge/response solutions reported an average increase in support costs of 18.3% and a corresponding average decrease in online member activity of 16.77%.
Member service managers have been hinting at a marked increase in member support calls following the adoption of the FFIEC regulatory MFA guidelines last year, according to Sestus Data. Until this study, however, no quantitative data existed on how the various types of authentication had impacted administrative support costs or online member activity.
None too surprisingly, authentication methods that required the most effort by members, such as installing software toolbars, configuring browser certificates, or registering questions and secret images, were reported to be the most difficult to support and contributed to the greatest loss of online member activity. Those methods that involved the least effort by members, such as virtual tokens (i.e. PhishCops) and geo-location, rated the best.
How The Survey Was Conducted
Respondents were invited to participate in the survey via an invitation facilitated by the Credit Union Journal. Respondents visited an internet-hosted webpage at ComplianceScore.com where they were asked three multiple-choice questions. Respondents selected their answers from a list of choices in the format 1% to 5%, 6% to 10%, etc. Ad-hoc or explanatory responses were not permitted. Respondents did not identify themselves.
Responses were correlated within each type of authentication and an average score for each type of authentication was then calculated to within two decimal places using a numeric scoring system. Scores ranged from 0.00 to 6.00, with 0.00 representing no increase in support costs/no reduction in online member activity, and 6.00 representing the greatest increase in support costs/the greatest reduction in online member activity.
Scores were calculated separately for support costs and activity loss. From these scores, an average percentage was derived.
The study may be downloaded from the Credit Union Journal at www.cujournal.com or from Sestus Data Company at www.sestusdata.com.