What is Out-of-Band Authentication?
By definition, Out-of-Band Authentication is the use of two separate networks working simultaneously to authenticate a user. Out-of-Band Authentication works well because even if a fraudulent user gains all security credentials to a user's account, a transaction cannot complete without access to the second authentication network.
In GEOACL's case, this means using the alternate device/channel to verify the identity of the user involved in a web transaction. Location based out-of-band authentication works well because:
• No additional hardware, software or training is required for the end user
• Users already carry phones, tablets and keep close track of them
• User's location can be determined in true real time
• The authentication process can be "closed-loop" with certainty of completion
• A strong, humanly understandable audit trail of the transaction is captured
• Easy to integrate with other multi-factor authentication techniques.
Out-of-band authentication using the location protection also enables rightful account owners to be made aware of attempts to breach their accounts from unknown places. If an account is protected by location based out-of-band authentication, the user will receive an email to authenticate a transaction or logon attempt before it completes. If the rightful account owner is not involved in the transaction, he or she cannot complete the location authentication (with location of acknowledgement also being tracked and compared with request location and location based ACL) and the fraudulent transaction will be cancelled before losses are incurred.
Out-of-Band Authentication step is optional in GEOACL authentication process and be selected for perceived high risk transactions. GEOACL authentication can work even without user involvement just by comparing user request location/transaction originating location with location based ACL set by valid user.