Shareholder Authentication (published 2015)

• Table of Contents
• Introduction
  • Universe of Transactions
    • Nature of Participants in Shareholder Transactions
    • Types of Shareholder Transactions
    • Means of Transmission of Transaction Requests
• Authentication In Theory
  • Principles of Authentication
    • The First Authentication Factor: What You Know
    • The Second Authentication Factor: What You Have
    • The Third Authentication Factor: What You Are
    • Multi-Factor Authentication
    • Non-Traditional Authentication Factors
    • Mutual Authentication
    • Positive and Negative Authentication Factors
  • Limitations of Authentication
    • Limitations of Authentication Measures in Common Use
    • Limitations of Authentication Measures Generally
• Authentication In Practice
  • Technological Solutions
    • Shareholder Knowledge
    • Hardware and Software Tokens
    • Biometrics
    • Behavioral Patterns
    • Protection of Authenticated Sessions
    • Authentication of Devices
    • Authentication of Transactions
    • Authentication of Fund Groups (Mutual Authentication)
  • Operational Initiatives
    • Overall Threat Environment
    • Risks Associated with Authentication Systems
    • Risks Associated with Particular Transactions
    • Potential Legal Consequences of Transactional Fraud
    • Limiting Potential for Damage from Fraudulent Transactions
    • Protection of Online Transaction Systems
  • Educational Efforts
    • Employee Training and Awareness
    • Shareholder Awareness
• Insurance
• Glossary
• Further Reading

In considering shareholder authentication issues, many fund groups evaluate the relative risks associated with particular transactions or combinations of transactions. In this regard, fund groups may consider, among other things:

• the size of transactions (whether in absolute terms or relative to previous transactions made by particular shareholders);
• the potential for certain transactions (e.g., changes in a shareholder’s bank account of record or address of record) to facilitate future fraudulent activity;
• the extent to which certain transactions might be viewed as potentially suspicious in combination with other transactions (e.g., redemptions occurring after changes to account information, including redemptions processed on the same day as an address change, or wire redemptions processed within a certain number of days of a change in bank account information);
• the extent to which certain transactions might be viewed as potentially suspicious in light of other facts and circumstances (e.g., a purchase request that is far in excess of a low account balance, or a one-time redemption to a foreign bank account); and
• the means by which transactions requests have been transmitted (e.g., transaction requests submitted by e-mail might be viewed as less secure).

Fund groups may (and often do) reach different conclusions about the potential risks involved with particular transactions or combinations of transactions. Some fund groups, for example, may impose the same transaction limits on purchases, redemptions, and exchanges, while other fund groups may conclude that purchases and/or exchanges present a lower fraud risk—and therefore may have higher transaction limits—than redemptions.