Citing increased fraud affecting its
education and testing procedures, the Nationwide Multistate Licensing System
(NMLS) is implementing a new biometric password system for use by its
instruction providers. NMLS, which handles
state licensing of loan officers and mortgage brokers and lenders and provides
information about licensees to consumers, says the fraud has primarily been
limited to its online continuing education (CE) courses and usually involves
the sharing of the course user ID and password for login access.
NMLS, in trying to find a solution to the
problem, identified three alternatives; remote proctoring,
knowledge-based authentication, and bio-metrics. It issued a request for proposals in 2016, identified
three vendors and conducted a pilot study with each. The contract was ultimately awarded to BioSig-ID.
BioSig-ID says the types of log-in
identification used in most situations, an ID and a password using various
letter, number, and symbol combinations is easily compromised (or as is
apparently happening with NMLS, shared.)
It does, however, have the advantage of being easily changed once the
compromise is discovered.
An alternative is identifying the user
with biometrics, usually a fingerprint, facial identification, or an iris
scan. These can be expensive to
implement and are not necessarily foolproof.
If they are hacked or compromised, they can’t be replaced. As Bio-Sig puts it, you can’t grow new a fingerprint,
or a face, and hacked metrics can be used anywhere without the owner’s
The solution Bio-Sig is providing to NMLS
is “multi-factor” identification. The
end user still has a password, but rather than a complicated and forgettable code,
it is a single self-selected set of letters which are drawn with a mouse,
stylus, or finger. Every user has a
distinctive way of moving the chosen instrument, and the software looks for
identifiers such as the length, speed, direction, angle, and height of each
stroke. At log-in the system can almost instantly,
after the individual draws only three or four characters, match and verify the
password being entered against the one in its records.
NMLS tested the software with 174 students
who logged in a cumulative 858 times, an average of 4.59 authentications. It took an average of 2.5 minutes for each
student to set up their password.
All vendors who provide CE education for
NMLS will be required to have the authentication program in place by August
21. NMLS is absorbing the cost of the
Article source: Mortgage News Daily