Customer authentication gets a lot of attention when it comes to fighting fraud, and for good reasons. A Report taking a closer look at data from nearly 80,000 incidents from 88 countries around the world particularly suggests that stolen credentials were used in 61 percent of all attacks in 2021.
Phishing remains a key weapon for fraudsters. Customers at one Singaporean bank lost nearly $8.5 million after being tricked into surrendering their account details via SMS through a smishing campaign. The Australian Competition and Consumer Commission (ACCC) Scam watch department, meanwhile, reported a 106 percent increase in SMS scams— after tallying over 67,000 scams and $10 million lost in 2021.
Stronger customer authentication (SCA) based on secure mobile push notifications protected by biometrics could have prevented many of these fraudulent transactions while they happened. But banks that are serious about mitigating risks from phishing and identity theft can go one step further and prevent attacks before they can occur by taking advantage of Artificial Intelligence (AI) and behavioural biometrics to identify threats and minimise exposure.
Who’s behind that transaction request?
Fraud prevention starts with user friendly yet secure authentication: if only licit users can access their accounts, imposters can’t cause any damage. Strong customer authentication (SCA) regulatory requirements — which demand that customers confirm their identities through multi-factor authentication (MFA) using something they have or know, prompted financial institutions to fortify their authentication solutions.
Yet many financial institutions still rely on insecure authentication methods. The leading authentication method used by the institutions we surveyed was an SMS sent to customers’ phones — in spite of the security risks that SMS authentication entails.
A more secure and user-friendly way to protect log-ins and financial transactions is push authentication, one of the delivery channels that enable the use of a mobile phone to perform MFA, “Push” uses cryptographic techniques to link a specific device to its owner’s identity, making it impossible for attackers to impersonate someone without physical access to the device.
In fact, the most flexible push authentication solutions enable banks go completely passwordless by enabling device biometric capabilities — and eliminate the threat of compromised credentials.
Linking actions with identities
Strong Customer Authentication (SCA) is only one tool to prevent fraud. Data from customer device threat detection, customer behavioural biometrics, and customer payment transactions can be collected and incorporated as adjacent data with the usual user behavioural patterns. Common or usual behavioural patterns include things such as how a user type, swipe and interact with his or her devices. The benefit lies in and leveraging those patterns to flag anomalous log-ins and transaction attempts that simple authentication solutions might otherwise miss.
To provide risk-based decision and fraud prevention, the HID Risk Management Solution (RMS) utilizes a modern approach to continuously evaluate the entire consumer journey in real-time. The RMS solution leverages pieces of information that seem insignificant on their own but when combined, paint a portrait to prevent fraud across the entire journey.
Once users log into their accounts, RMS continues by evaluating the transaction context. Is a user checking their account balance or transferring a large sum of money? To what extent does this action deviate from their typical behaviour?
The benefits of being proactive
Together, consumer authentication methods and RMS power a proactive approach to prevent fraud, identifying threats earlier in the banking journey and making it easier for organisations to take effective proactive actions. It’s an especially powerful combination for fighting common types of bank fraud such as but not limited to Phishing Attacks, Zero-Day Attacks, Account Takeovers, Social Engineering & Scams, and SIM Swapping.
Cybercriminals will always be part of the digital banking landscape, but the damage they cause doesn’t have to be. Effective fraud prevention technologies that optimise user experience enable organisations to be proactive about risk — not just to protect their customers but to preserve the financial and reputational integrity of their business.
By Edwardcher Monreal, Principal Solutions Architect at HID