Shareholder Authentication (published 2015)

Authentication of Transactions

“Authentication of transactions” refers to efforts to establish that a given transaction is consistent with previous transactions made by the same user. This type of authentication is particularly common with respect to the use of payment cards (e.g., credit cards or debit cards), where, in many instances, little or no effort may be made to authenticate the cardholder, but where an anomalous transaction (e.g., a large electronics purchase or a purchase in a foreign country) may be flagged for verification by the cardholder, or may be denied outright unless the cardholder initiates a call to have the transaction accepted.

By contrast, authentication of transactions appears to be less common in the fund industry. Some fund groups consulted for this study perform a heightened back-office, post-trade analysis to determine which transactions appear to be inconsistent with previous transactions and therefore potentially fraudulent. In addition, a few fund groups consulted for this study are using (or considering the use of) third-party services to analyze transactions. Such analyses might include an examination of the size and frequency of the transactions, the identities and addresses of recipients of redemption proceeds, and other indicia of suspicious activity. It appears that one positive consideration in using these services is that they enhance the authentication process, without generally having any impact on ease of use or shareholder convenience.

Authentication of transactions may be viewed as a form of “continuous authentication” or “post-authentication”—i.e., additional steps designed to confirm the identity of a user who has already been authenticated and has commenced (or perhaps even completed) a transaction session with a financial institution.[1] This post-authentication may be done in real time (i.e., while the transaction session is still active) or after the fact, or both, as in the case of one fund group consulted for this study.
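The post-trade consistency analysis described above (size, frequency, and recipient identity and address) can be sketched as follows. This is an added example, not code from the study or from any fund group it consulted; the thresholds, field names, flag labels and sample account are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import median

@dataclass(frozen=True)
class Redemption:
    day: date
    amount: float
    payee: str    # recipient of the redemption proceeds
    address: str  # where the proceeds are sent

# Illustrative thresholds (assumptions, not values from the study).
SIZE_MULTIPLE = 5.0               # flag amounts above 5x the account's median
BURST_WINDOW = timedelta(days=7)  # look-back window for frequency
BURST_COUNT = 3                   # flag the 3rd redemption inside the window

def norm(text):
    """Collapse case and whitespace so trivial variants compare equal."""
    return " ".join(text.casefold().split())

def review_flags(history, txn):
    """Return the reasons txn is inconsistent with the account's prior redemptions."""
    if not history:
        return ["no_history"]  # nothing to compare against: route to manual review
    flags = []
    if txn.amount > SIZE_MULTIPLE * median(t.amount for t in history):
        flags.append("unusual_size")
    recent = [t for t in history if timedelta(0) <= txn.day - t.day <= BURST_WINDOW]
    if len(recent) + 1 >= BURST_COUNT:
        flags.append("unusual_frequency")
    if norm(txn.payee) not in {norm(t.payee) for t in history}:
        flags.append("new_recipient")
    if norm(txn.address) not in {norm(t.address) for t in history}:
        flags.append("new_address")
    return flags

# Constructed sample data for one account.
HOME = "12 Elm St, Springfield"
HISTORY = [
    Redemption(date(2015, 1, 5), 1000.0, "Pat Doe", HOME),
    Redemption(date(2015, 2, 4), 1200.0, "Pat Doe", HOME),
    Redemption(date(2015, 3, 6), 900.0, "Pat Doe", HOME),
]
ROUTINE = Redemption(date(2015, 4, 3), 1100.0, "pat doe", "12 Elm St,  Springfield")
SUSPECT = Redemption(date(2015, 4, 6), 25000.0, "J. Smith", "PO Box 9, Elsewhere")

if __name__ == "__main__":
    print(review_flags(HISTORY, ROUTINE))
    print(review_flags(HISTORY, SUSPECT))
```

An empty result means the redemption is consistent with the account's history; any flag would route it to verification, whether the check runs while the session is active or in a later back-office pass.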




Sources

  1. See Lenny Zeltser, Beyond Logins: Continuous and Seamless User Authentication (Mar. 15, 2015), https://zeltser.com/continuous-user-authentication/; Hugh Thompson, Fourth Factor (De-)Authentication, CSOONLINE.COM (Jan. 16, 2007), http://www.csoonline.com/article/2136264/data-protection/fourth-factor--de--authentication.html.