By Firas Bouz and Debasisha Padhi
Innovation doesn’t always spring from a big idea. Quite often, asking “what if” or “why” inspires fresh thinking that leads to new or improved solutions.
For proof, you need only look to a recently patented process for multifactor authentication (MFA), which started with a simple question.
In mid-2018, Debasisha left his debit card at a restaurant. Before he realized it was missing and could freeze his account, someone used the card for several fraudulent purchases.
Being tech professionals and naturally curious, we began wondering why better protections weren’t in place to stop such crimes. It wasn’t long before we got together with two other colleagues and seriously asked ourselves if we could add a layer of security to prevent someone from using a stolen bank card—even if they had the PIN.
Our collective “yes” led to research, drafting and, eventually, a novel approach to digital identification known as multi-factor authentication utilizing device pairing (MFAUDP). In May 2022, nearly three years after we first posed the question, MFAUDP was awarded a patent.
Someday soon, this new technology may be used to protect organizations and individuals alike from cyber theft and fraud, proving once again that inspiration for innovation can come from the smallest or unlikeliest of sources.
Making a case for MFA
To be fair, MFA isn’t new.
Technology that requires end-users to provide two or more forms of verification to prove their identify before gaining access to an online account, allowed into a private network, or approved for a digital transaction was introduced in the early 2000s. In the two decades since, MFA has emerged as one of the most effective tools1 in the fight against cybercrime.
Unfortunately, no one has developed a foolproof authentication method. Card-related fraud like Debasisha experienced—which falls into the broader category of identity theft—is the most common type of fraud worldwide, costing consumers average annual losses ranging from $111 in Japan to more than $3,900 in Germany.2
The stakes are even higher for companies. Stolen or compromised credentials accounted for 19% of security breaches among businesses in 2021.3 Still, less than 30 percent of organizations currently use MFA, a staggering figure given that the average cost of a single business data breach now exceeds $4 million.
Not surprisingly, the COVID pandemic only exacerbated these and other problems. Cybercrime has ballooned 600%4 since March 2020, and costs associated with cyber incidents are on pace to reach $10.5 trillion5 by 2025.
We envision MFAUDP as a tool to combat the threat.