enterprisesecuritymag

Crysp: Implicit Multifactor Authentication Leveraging Behavioral Biometrics

Andy Viswanath, Co-founder, CryspAndy Viswanath, Co-founder
Multifactor authentication has become the norm to validate and confirm customers identity. While organizations want to ensure that their authentication process is as robust as possible, the added security layers in most cases are explicit and disrupts the customers experience. With its unique understanding of security threat landscape and customer expectations, Crysp provides solutions that enable organizations to move beyond passwords. Their low friction solutions enhance security while being seamless and transparent to the customers thereby improving the overall experience.

Dhiresh Salian, the co-founder of Crysp, explains that if a user has to go through second-factor authentication each time he or she logs or executes a sensitive transaction it affects the overall experience, resulting in negative brand recognition. “Crysp’s smart authentication verifies users with passively-obtained signals—login context and behavior—and assures better security while ensuring ease of access for users,” says Salian.

Crysp’s Smart Authentication platform offers a set of APIs and real-time analytics for authenticating users. One of the APIs, context verification, collects up-to-date information of a user’s device; this includes information on whether the screen lock is enabled or if the device is jailbroken. The Location Verify API, on the other hand, verifies the users’ proximity to “safe zones”. Similarly, users are verified using several other aspects, including touch-related sensor data, biometrics, and swipe patterns or swipe pressure. Crysp’s smart authentication platform uses Machine Learning to create behavioural templates for each user based on their context and device interactions. During the authentication process, the contextual data along with behavioral attributes are matched with the stored template and the user is prompted for second factor only if the collected information does not match.
Dhiresh Salian, Co-founder, CryspDhiresh Salian, Co-founder
This approach reduces the requirement for mandatory second factor resulting in improved customer experience.

Out of the several organizations which currently utilize the Smart Authentication platform, Salian illustrates the case of an online trading platform whose customers’ experience was impacting the uptake of the online trading platform. The platform required all the users to complete multifactor authentication each time they logged in which was negatively impacting the customer experience. With Crysp’s smart authentication, the contextual verification became the first factor, and the consumers were prompted for second factor only when they accessed other trading functionalities or making changes in their profiles. Resulting in greater customer satisfaction, the solution helped improve the uptake of the platform and positively impact the bottom line of the organization. With its system paving the way for smarter authentication and seamless experiences for customers, Crysp has continued to attract clientele from the U.S., Australia, India, and the Middle East.

Awarded the 2017 regional champions at the Startup World Cup as the most innovative startup, Crysp was one of the only 15 startups from around the world who took part in the world championship held in San Francisco in 2017. Crysp is currently working on the product roadmap to provide continuous authentication by identifying behavioral changes at any instant during a session and prompting the user for second-factor authentication when any anomaly is detected. “Many organizations, including banks, simply rely on logins through username and passwords, and over 95 percent of the cyber-attacks involve harvesting credentials and using them. Secondary factors—such as SMS OTP—are also prone to various attacks, so it is really important for organizations to think beyond these. That is where our smart authentication solution is the perfect fit,” concludes Salian.