Banks aren’t always known for being technical innovators – which is one thing that gives startups in the financial services space an edge. But this morning Capital One is attempting to change that perception with the launch of a new technology called SwiftID – a way to authenticate users with just a swipe on the smartphone’s screen. SwiftID, which aims to do away with the typical security questions like “name of your first pet?” or “mother’s maiden name?,” is the first offering of its kind in the financial services industry, Capital One claims.
This mobile app-based tool takes advantage of different security mechanisms to protect users’ accounts against fraud, rather than forcing you to prove your identity by answering questions. As you’re probably familiar, this sort of additional security protection generally pops up when there is something different a about your sign-in – for example, you’re signing in to a website using a different web browser, or you’re on a new computer. Companies then ask users to take extra steps to prove they are who they say they are in order to protect against fraud and hacks.
While the protection is necessary, the process itself is not very user-friendly.
Now, SwiftID will take the place of those security questions for users of the Capital One Wallet app and website. In the app, users can sign up for SwiftID, which then captures a unique image of their phone as a way to identify the user going forward. After sign-up is complete, whenever there’s a need for strong authentication at login, a push notification is sent to that registered phone.
Users only have to swipe on the push notification to confirm their activity. The swipe takes the user directly to a screen in the app, which is what allows SwiftID to confirm it’s really you by comparing the unique image of the phone to the registered image it has on file. It then sends an approval to the requesting system on the user’s behalf.
After a tap on the approve screen that displays, the user can then return to their computer and will be logged into CapitalOne.com without having to take any additional steps.
The new technology is basically a form of two-factor authentication, which means that the user is identifying himself or herself not only with their username and password combination, but also with something they have on their person – that is, their mobile phone.
Two-factor is commonly used today, especially in corporate settings and in the financial services industry, or anywhere else personal and private data is in need of additional protection. However, in many cases, the systems today use things like smart cards, biometrics (as with fingerprint or voice authentications), or, on mobile, the system might send users an SMS text message with a code they need to enter at the time of sign-in.
It’s unusual to see a two-factor authentication system used by a bank that takes advantage of push notifications and swipes to make the process of authentication easier on the end user.
In addition to securing accounts at the time of logins, SwiftID will also allow users to take other actions that may have earlier required a call to customer service, like changing their address on their account or scheduling transfers over their limit, for example. And it will send users an alert if their card gets locked because of suspicious activity, which users can then instantly unlock via a SwiftID authentication.
Capital One says the technology is arriving now in its Capital One Wallet mobile application, and will soon be available in the other Capital One apps as well.