I came across this in the ISACA Journal, Volume 6, 2007, and thought it useful to keep a record here.

Institutions heavily favour technologies that require the least additional infrastructure and can be deployed most quickly. The study showed that the security of an authentication technology is an evaluation criterion, not *the* evaluation criterion, so technologies such as tokens were not so popular. Other factors such as user acceptance, ease of use, cost, enrolment time, deployment time and maintenance all carry strong weight. Here is the list of authentication technologies used *by banks*, in order of preference:
- Risk-based
- Device ID
- Random images
- One-time passwords
- Mutual authentication
- Challenge questions
- Geographic IP
- Transaction monitoring
- Behaviour
- Fingerprint authentication
- Fingerprint recognition
- Adaptive authentication
- Keystroke dynamics

Here are the main vendors listed at the time:
- RSA – security tokens
- Bharosa
- Green Armor Solutions
- Verisign – digital certificates
- Passfaces – visual recognition
- BioPassword
- DigitalPersona
- Corillian
- VASCO
- Quova
- Actimize