Enabling User Authentication As A Common Service Across Bank’s Digital Channels
Problem. Our client, a large bank, operates roughly 30 digital channels, each with its own user authentication method. This fragmentation was inefficient, exposed the bank to elevated fraud risk, and left it operating and maintaining many separate authentication systems. As a result, the bank's 40 million end users met an inconsistent, incompatible and convoluted login and registration experience as they moved between channels.
Possible Solution. The proposed remedy was a unified authentication service that every digital channel could consume. It was designed around two core components: authentication orchestration services (which drive every step of an authentication flow) and identity data services (which store credential data).
Key Metrics.
Centralized and coordinated authentication control - a single, consistent set of authentication controls, with users able to choose their preferred method (SMS, email, biometric, passwordless).
Frictionless user experience - a consolidated view on the user interface rather than a different login screen per channel.
Efficiency and reusability - one authenticator and one risk-assessment system shared across many processes or operations, lowering cost and reducing potential fraud losses.
Simpler future integrations - new channels connect to one centralized authentication hub instead of building their own login.
Cross-channel integration - the centralized authentication component plugs into other cross-channel elements, enabling new capabilities that benefit both end users and the business.
Results .
Re-architected the solution around a cloud-hosted centralized authentication hub that orchestrates every authentication activity: user login, user registration, forgotten password, forgotten username, pre-sign-on risk monitoring and post-sign-on risk monitoring.
Integrated the centralized authentication hub with all major backend enterprise components, including risk monitoring and logging systems, the identity data store, log retention storage, the authorization and validation system, risk decision engines, payment transaction systems, and alerts, messaging and notifications.
Designed workflows that capture the end user's location and device and monitor the session throughout the user journeys: login, registration, forgotten username and forgotten friendly ID.
Designed levels of assurance (low/medium/high) matching the degree of risk associated with a user identity, so that a higher-risk identity must satisfy stronger authentication before it is granted access.
Knowledge Gained.
CIAM Model - The backbone of the solution was the design of CIAM as a shared service. Customer identity and access management (CIAM) lets the bank securely capture and manage customer identity and profile data and control customer access to applications and services. CIAM solutions usually combine features such as customer registration, self-service account management, consent and preference management, single sign-on (SSO), multi-factor authentication (MFA), access management, authorization, directory services, data access governance, identity proofing, identity orchestration, and even threat detection and fraud mitigation. The main goal of the CIAM-based solution was to give every customer a seamless and secure experience that builds trust, whichever channel (web, mobile, etc.) they use to engage with the bank.
Enterprise Backend Integrations - One of the biggest lessons from this implementation was the need to design for both the bank's functional and non-functional requirements. The functional requirements (user journeys, error handling, decisions driven by the risk engines, one-time verification codes (OTVC), logging and monitoring) received most of the attention, while the non-functional requirements set the targets for reliability, availability, performance, scalability, retention and recovery. To meet both, the solution was designed as an interoperable set of interlinked services, agnostic of any single backend implementation and integrated with all the essential enterprise backend components for the MVP1 release. Pieces of this long chain of interlinked systems include:
Payments processor
Identity data storage
Front End UI
Fraud Risk engines
Authorization system
Customer information database, exposed through RESTful API microservices
Logging and monitoring, built on an event-driven architecture
Log storage and retention
Alerts, notifications and email messaging queue
Data Mesh
API Microservices architecture - Microservices-based architecture has become common practice in large organizations, largely because of the flexibility and agility it offers, particularly when integrating across different systems. A pivotal decision made at the outset of design was to take an API-first approach, and the implementation followed it with RESTful API-based services. This made it straightforward for the CIAM layer to interact with the backend customer database and kept the integrations uniform.
Event based architecture - Event-driven architecture (EDA) is a design approach in which data flow and process execution are triggered by events: discrete occurrences or notifications that signal a change in system state or the completion of a task. Events may originate from any system component and are routed to other components to trigger specific actions or updates. In this solution it is what lets the authentication hub feed logging, risk monitoring and alerting without tightly coupling those components to the login flow. The event-driven model was kept as a guiding principle throughout the development of the data strategy, yielding a scalable, adaptable, real-time processing model.
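The level-of-assurance design and pre-/post-sign-on risk monitoring described under Results, together with the event-driven model above, can be sketched as one small orchestrator. The Python below is an added illustration and not the bank's implementation: the risk signals, weights, thresholds, the ranking of authenticator strengths, the policy table and the event names (`auth.decision`, `risk.step_up`) are all hypothetical choices, and the in-process `EventBus` stands in for the bank's messaging backbone. It scores a sign-on attempt, maps the score to a required level of assurance, lets the user's preferred authenticators satisfy that level where they can, tops up with stronger factors where they cannot, and publishes events that a logging consumer and an alerting consumer pick up independently.

```python
"""Risk-based authentication orchestration with an event-driven audit trail.
Added illustration, not the bank's code: every signal, weight, threshold,
factor strength and event name below is a hypothetical policy choice."""
from dataclasses import dataclass, field
from typing import Callable

# Authenticator strength (assumed ranking): 2 = phishing-resistant, 1 = knowledge or OTP.
FACTOR_STRENGTH = {"passkey": 2, "biometric": 2, "password": 1, "sms": 1, "email": 1}
# Required level of assurance -> (min number of factors, min strength of strongest factor)
LOA_POLICY = {"low": (1, 1), "medium": (2, 1), "high": (2, 2)}

@dataclass(frozen=True)
class SignOnContext:
    """Pre-sign-on signals the hub gathers before issuing any challenge."""
    user_id: str
    operation: str            # login | registration | forgot_password | payment
    device_known: bool        # device fingerprint previously bound to this user
    country: str              # geo-IP country of this request
    home_country: str         # country on file for the customer
    failed_attempts_24h: int
    preferred_factors: tuple  # authenticators the user opted into, in order

@dataclass
class Event:
    name: str
    user_id: str
    payload: dict = field(default_factory=dict)

class EventBus:
    """In-process publish/subscribe standing in for the messaging backbone."""
    def __init__(self) -> None:
        self._handlers = {}

    def subscribe(self, name: str, handler: Callable[[Event], None]) -> None:
        self._handlers.setdefault(name, []).append(handler)

    def publish(self, event: Event) -> None:
        for handler in self._handlers.get(event.name, []):
            handler(event)

def risk_score(ctx: SignOnContext) -> int:
    """Additive pre-sign-on risk from device, location, recent failures and operation."""
    score = 0
    if not ctx.device_known:
        score += 40
    if ctx.country != ctx.home_country:
        score += 30
    score += 10 * min(ctx.failed_attempts_24h, 5)  # capped so lockout noise cannot dominate
    if ctx.operation in ("payment", "forgot_password"):
        score += 20
    return score

def required_loa(score: int) -> str:
    """Map the risk score to the level of assurance the session must reach."""
    if score < 30:
        return "low"
    if score < 70:
        return "medium"
    return "high"

def select_factors(loa: str, preferred: tuple) -> list:
    """Honour the user's preferred authenticators first, then top up to meet the policy."""
    min_count, min_strength = LOA_POLICY[loa]
    chosen = []
    strongest_first = sorted(FACTOR_STRENGTH, key=FACTOR_STRENGTH.get, reverse=True)
    for factor in list(preferred) + strongest_first:
        if factor in FACTOR_STRENGTH and factor not in chosen:
            chosen.append(factor)
        if len(chosen) >= min_count and max(FACTOR_STRENGTH[f] for f in chosen) >= min_strength:
            return chosen
    return chosen

def orchestrate(ctx: SignOnContext, bus: EventBus) -> dict:
    """One pass through the hub: score, decide required assurance, pick challenges, publish."""
    score = risk_score(ctx)
    loa = required_loa(score)
    decision = {"user_id": ctx.user_id, "operation": ctx.operation, "risk_score": score,
                "loa": loa, "factors": select_factors(loa, ctx.preferred_factors)}
    bus.publish(Event("auth.decision", ctx.user_id, decision))    # every attempt is logged
    if loa == "high":
        bus.publish(Event("risk.step_up", ctx.user_id, decision))  # post-sign-on monitoring hook
    return decision

def demo() -> dict:
    """Wire a logging consumer and an alerting consumer, then run three constructed attempts."""
    audit_log, alerts = [], []
    bus = EventBus()
    bus.subscribe("auth.decision", lambda e: audit_log.append(e.payload))
    bus.subscribe("risk.step_up", lambda e: alerts.append(e.user_id))
    attempts = [  # constructed sample input, not real customer data
        SignOnContext("u1", "login", True, "US", "US", 0, ("password",)),
        SignOnContext("u2", "login", False, "US", "US", 0, ("password", "sms")),
        SignOnContext("u3", "payment", False, "BR", "US", 3, ("password", "sms")),
    ]
    decisions = [orchestrate(ctx, bus) for ctx in attempts]
    return {"decisions": decisions, "audit_log": audit_log, "alerts": alerts}
```

Running `demo()` shows the three outcomes the Results section describes: a known device from the home country passes with the user's single preferred factor; an unknown device raises the required assurance to medium and the user's two preferred factors (password plus SMS) satisfy it; an unknown device, foreign location, recent failures and a payment push the requirement to high, where SMS is not strong enough and the hub adds a phishing-resistant factor. The logging consumer records all three decisions while the alerting consumer sees only the high-risk one, which is the decoupling the event-driven paragraph argues for.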
Here are the top 5 professional lessons learned:
Architecture Shapes Business Goals: Architecture serves as the conceptual blueprint for achieving business objectives. It's crucial to obtain buy-in from multiple stakeholders, as enterprise architecture should not operate in isolation.
Designers as Visionaries: Designers, like artists such as Picasso, create in the abstract. Not everything may conform perfectly, but designers play a vital role as visionaries in shaping innovative solutions.
Business Vision is Key: Business vision is a critical component in any new venture. Asking the right questions and mapping out both current and challenging areas are essential steps in the journey.
Lean MVP Approach: You don't need to invest approximately $40 million for an MVP (Minimum Viable Product). If it's a Proof of Concept (POC), aim to swiftly enter the market, demonstrating a feasible product to build trust.
Collaborative Architecture: Architecture is the result of collaborative efforts. Not everyone possesses all the answers, emphasizing the importance of collective wisdom in architectural decision-making.