Shareholder Authentication (published 2015)

• Table of Contents
• Introduction
  • Universe of Transactions
    • Nature of Participants in Shareholder Transactions
    • Types of Shareholder Transactions
    • Means of Transmission of Transaction Requests
• Authentication In Theory
  • Principles of Authentication
    • The First Authentication Factor: What You Know
    • The Second Authentication Factor: What You Have
    • The Third Authentication Factor: What You Are
    • Multi-Factor Authentication
    • Non-Traditional Authentication Factors
    • Mutual Authentication
    • Positive and Negative Authentication Factors
  • Limitations of Authentication
    • Limitations of Authentication Measures in Common Use
    • Limitations of Authentication Measures Generally
• Authentication In Practice
  • Technological Solutions
    • Shareholder Knowledge
    • Hardware and Software Tokens
    • Biometrics
    • Behavioral Patterns
    • Protection of Authenticated Sessions
    • Authentication of Devices
    • Authentication of Transactions
    • Authentication of Fund Groups (Mutual Authentication)
  • Operational Initiatives
    • Overall Threat Environment
    • Risks Associated with Authentication Systems
    • Risks Associated with Particular Transactions
    • Potential Legal Consequences of Transactional Fraud
    • Limiting Potential for Damage from Fraudulent Transactions
    • Protection of Online Transaction Systems
  • Educational Efforts
    • Employee Training and Awareness
    • Shareholder Awareness
• Insurance
• Glossary
• Further Reading

In developing risk management approaches to shareholder authentication, fund groups may find it helpful to consider, among other questions: who has responsibility for authenticating shareholders in given transactions, what is the level of risk (i.e., the financial exposure) to the fund groups if such transactions are fraudulent, and what measures should be taken to reduce the potential risk of such transactions. Addressing these questions can, in turn, involve categorizing shareholder transactions by:

1. the nature of participants involved in shareholder transactions
2. the types of transactions, and
3. the means of transmission of the transaction requests.

In implementing risk management approaches to shareholder authentication, fund groups must assess and balance sometimes competing considerations, including the security level to be achieved, the degree of inconvenience that different measures may impose on shareholders, and the costs of various authentication-related technologies and systems. Where this balance is struck may depend, in part, on a fund group’s assessment of the relative risk associated with the particulars of the transaction at issue.