Shareholder Authentication (published 2015)

• Table of Contents
• Introduction
  • Universe of Transactions
    • Nature of Participants in Shareholder Transactions
    • Types of Shareholder Transactions
    • Means of Transmission of Transaction Requests
• Authentication In Theory
  • Principles of Authentication
    • The First Authentication Factor: What You Know
    • The Second Authentication Factor: What You Have
    • The Third Authentication Factor: What You Are
    • Multi-Factor Authentication
    • Non-Traditional Authentication Factors
    • Mutual Authentication
    • Positive and Negative Authentication Factors
  • Limitations of Authentication
    • Limitations of Authentication Measures in Common Use
    • Limitations of Authentication Measures Generally
• Authentication In Practice
  • Technological Solutions
    • Shareholder Knowledge
    • Hardware and Software Tokens
    • Biometrics
    • Behavioral Patterns
    • Protection of Authenticated Sessions
    • Authentication of Devices
    • Authentication of Transactions
    • Authentication of Fund Groups (Mutual Authentication)
  • Operational Initiatives
    • Overall Threat Environment
    • Risks Associated with Authentication Systems
    • Risks Associated with Particular Transactions
    • Potential Legal Consequences of Transactional Fraud
    • Limiting Potential for Damage from Fraudulent Transactions
    • Protection of Online Transaction Systems
  • Educational Efforts
    • Employee Training and Awareness
    • Shareholder Awareness
• Insurance
• Glossary
• Further Reading

Many fund groups take steps to ensure that shareholders and/or their devices are able to confirm the identity and validity of the shareholders’ online connections to the fund groups. The most common form of authenticating the fund groups themselves is through the use of digital certificates signed by a trusted certifying authority (e.g., VeriSign or Entrust). By looking for “https” and/or a locked padlock icon in the browser’s address bar, a shareholder can readily verify that a fund group’s website has a valid digital certificate signed by a trusted certifying authority (and may examine additional details about the digital certificate by clicking on the padlock icon).

A number of fund groups also rely on the use of security images. As typically implemented, a shareholder must select a picture from a group of pictures. In subsequent logins, the shareholder will be shown the preselected picture and warned not to proceed if the wrong picture is shown.