2019 has been a difficult year for banks and other financial institutions (FIs) where financial fraud is concerned.
According to research from banking body UK Finance, fraudsters stole £616m from UK bank customers during the first six months of 2019. Meanwhile, new annual figures from Cifas, the UK’s fraud prevention service, suggest that instances of fraud have increased by six per cent.
The methods employed by fraudsters to perpetrate identity fraud are becoming ever more complex, and the increasing popularity of online and mobile channels has also opened up new vulnerabilities. But, it’s not all not doom and gloom.
With the new year just around the corner, let’s take a look at a few tools that can help financial organisations combat fraud in 2020.
With the sharp incline in the use of mobile banking over the past few years, ‘active’ biometric authentication methods – such as fingerprint scanning and facial recognition – have become the norm. The introduction of active biometrics has improved security dramatically and they’re now considered essential to the authentication process.
However, as cybercriminals continue to use sophisticated methods to exploit their victims, especially in vulnerable channels such as mobile, it’s clear that there’s a need for a more context-aware approach to authentication that doesn’t impact customer experience.
Behavioural biometrics takes existing authentication to the next level by capturing data points that provide insights into how the user naturally interacts with their device. It then generates a score assessing how well the data matches the user’s historical behaviour, or the behaviour of a representative peer group.
Instead of only relying on information from the moment of authentication, it continuously works in the background and analyses behavioural data to continuously verify the user’s identity. This behavioural analysis extends to metrics as specific as the angle at which the user holds their phone, swipe patterns and keystroke dynamics, thereby ensuring only a legitimate user is able to execute a transaction.
Crucially, behavioural biometrics are a completely unseen method of authentication, and ensures that no additional authentication that disrupts the user experience is required unless absolutely necessary. Not only do behavioural biometrics enhance security in the fight against fraud, but they also ensure customers have a seamless banking experience.
Identity fraud is one of the greatest threats facing the UK banking industry today, with severe and wide-ranging consequences.
Highlighting the scale of the issue at hand, new figures from Experian suggest that a new incident of financial fraud was reported every 15 seconds in 2018. The situation is inflamed by increasingly regular data breaches, giving cybercriminals access to sensitive PII that makes it a lot easier for criminals to commit both account takeover fraud (ATF) and new account fraud (NAF).
With this in mind, banks and FIs should look to harness the latest in emerging technology to minimise incidences and shield users from cybercriminals.
By combining traditional identity verification methods with advanced risk analytics, powered by AI and machine learning, banks can achieve context-aware identity verification. This involves a variety of checks, including real-time account checking, ID document capture, biometric verification and device geolocation.
This approach also enables organisations to review and analyse multiple pieces of information from different sources and across multiple digital channels to make security decisions in real-time, based on the total risk associated with a new customer.
Artificial intelligence (AI) and machine learning (ML) have grown to prominence in recent years as a way to streamline processes, automate decision making and create new services to drive customer engagement. In a financial services context, these technologies are being deployed as a means of fighting fraud through intelligent authentication.
AI- and ML-enabled intelligent authentication creates a “map” of historical user behaviour and assigns an accurate risk score to each transaction. This map is based on vast and disparate data, including transaction details, end user behaviour, the integrity of their devices and mobile apps, and other contextual data points.
So, for example, intelligent authentication can recognise that a customer regularly transfers £200 to the same account each month from the same mobile phone. The score and related level of risk for this transaction is based on the customer’s unique behaviour and context.
This level of analysis is important for a simple reason. If a transaction falls outside the usual scope of behaviour and contextual pattern, it is statistically more likely to represent an attempt at fraud.
However, banks can’t rely on this system alone, because it doesn’t account for natural variance. Customers may make a small set of regular transactions each week, but that doesn’t mean that each week’s activity is identical.
Instead of automatically denying an anomalous transaction, intelligent authentication challenges the consumer, granting conditional access to account features such as large fund transfers. If the user can pass the security hurdle and authenticate, then they can proceed with the transfer.
With the shift to intelligent authentication, banks will be able to capitalise on both greater security and a superior user experience.
So, there we have it! Three tools financial organisations can use to fight fraud in 2020.
While no single method is entirely fraud-proof, a combination of behavioural biometrics, identity verification, and intelligent authentication can help banks and other financial organisations minimise the risks. As we look to a new year, banks and FIs need to commit to implementing the latest technologies and authentication techniques, in order to keep customers safe, meet demands for an optimal user experience, and stay ahead of the competition.
Mark Crichton, Senior Director of Security Product Management, OneSpan