Shareholder Authentication (published 2015)

• Table of Contents
• Introduction
  • Universe of Transactions
    • Nature of Participants in Shareholder Transactions
    • Types of Shareholder Transactions
    • Means of Transmission of Transaction Requests
• Authentication In Theory
  • Principles of Authentication
    • The First Authentication Factor: What You Know
    • The Second Authentication Factor: What You Have
    • The Third Authentication Factor: What You Are
    • Multi-Factor Authentication
    • Non-Traditional Authentication Factors
    • Mutual Authentication
    • Positive and Negative Authentication Factors
  • Limitations of Authentication
    • Limitations of Authentication Measures in Common Use
    • Limitations of Authentication Measures Generally
• Authentication In Practice
  • Technological Solutions
    • Shareholder Knowledge
    • Hardware and Software Tokens
    • Biometrics
    • Behavioral Patterns
    • Protection of Authenticated Sessions
    • Authentication of Devices
    • Authentication of Transactions
    • Authentication of Fund Groups (Mutual Authentication)
  • Operational Initiatives
    • Overall Threat Environment
    • Risks Associated with Authentication Systems
    • Risks Associated with Particular Transactions
    • Potential Legal Consequences of Transactional Fraud
    • Limiting Potential for Damage from Fraudulent Transactions
    • Protection of Online Transaction Systems
  • Educational Efforts
    • Employee Training and Awareness
    • Shareholder Awareness
• Insurance
• Glossary
• Further Reading

Shareholder authentication is not a static issue. For this reason, fund groups may find it appropriate to regularly assess and re-assess the risks associated with their authentication systems. In this regard, fund groups may wish to consider not only the continued effectiveness of their current systems, but whether there are cost-effective new technologies or techniques that could further reduce the potential for transactional fraud.

The impetus to review the effectiveness of an existing authentication system can sometimes arise from actual or potential fraudulent transactions. For example, one fund group consulted for this study, after experiencing and investigating a small number of fraudulent transactions that appeared to have been initiated by identity thieves, undertook a comprehensive review of its approach to shareholder authentication, and closely analyzed and reconsidered how to approach different types of transactions.

Of course, fund groups may wish to re-assess their approaches even in the absence of actual or potential incidents. One fund group consulted for this study has a team of personnel dedicated to the identification and evaluation of emerging risks with regard to shareholder transactions. The team reviews and analyzes new technologies and other risk management techniques, and makes recommendations to a fraud prevention committee.