Authentication is the root of the fraud problem. In other words, correctly identifying a valid customer, instead of an impostor who has the legitimate customer credentials, or a valid online transaction from a fraudulent one. And the user's behavior may be the best way to vet identity.
Hackers have already cracked the code on device identification, static data element matching, and static usernames and passwords. They have learned how to take over accounts with stolen credentials, guessed valid usernames and passwords, and impersonated customers the world over. A few well-placed phishing emails, or hackings or the buying of information on the Dark Web can provide every cybercriminal in every country the means to open the bank vault anywhere — at scale and low cost.
Malware known as banking Trojans are siphoning off millions of dollars from customers, after infecting their computers, laptops, mobile phones or any other remote devices. One-third of phishing emails in the first quarter of 2017 contained banking trojans. This onslaught of cyberattacks and fraud has given rise to new authentication approaches that could rival those from a James Bond movie.
Biometric technologies reveal what security technology can achieve by analyzing the intricacies of your relationship with your technology. Biometric data protection is being used to replace photographs, passwords and PINs. India, Mexico and Russia are driving the extraordinary growth of biometric systems. China has a biometric national ID program, and India is following as well. Computer storage of important documents has also created an increasing need for biometric security solutions.
Biometrics are used to identify people in an accurate and repeatable manner. Physiological characteristics used for biometrics include the face, fingerprints and DNA. Developments related to the ability to unobtrusively collect face and voice biometrics, supplementing fingerprinting that has been dominant. Biometric technology measures personal physiological characteristics for the purpose of unique identification and security. These physical biometrics are useful especially with other layers of authentication, but if stolen could have serious ramifications for customers when they are compromised.
Passive biometrics and behavioral analytics can detect if it’s the real human user interacting with the device or an impostor. Hackers will take over at the login, to initiate a transaction, credit applications, money movement, account changes, or open new accounts. This enables financial organizations to make solid risk decisions at any of these stages, because they have a fuller and more accurate understanding of the risk each user presents.
Passive biometrics track how a person holds a device, the cadence of their typing and a variety of other characteristics to verify the person behind the digital device. Behavioral analytics on observed characteristics will profile users and accounts through their life cycle across multiple channels. This enables risk managers to detect and respond to risk sooner to reduce the chance of financial loss. When the user does reach a transaction point, fraud managers have the full context of their current and previous behaviors, to make a better decision on the interaction.
Billions of these behavioral characteristics (nonpersonally identifiable information) is collected and analyzed, creating a consortium of anonymized digital identities to provide rich intelligence to score users as either good or high-risk. These digital identities remain completely anonymous, adhering to all privacy laws. Leveraging these solutions, banks are provided an early warning system, alerting them when a user is behaving badly, even if it is the first time the user is interacting with their site.
With passive biometrics and behavioral analytics, the user is identified by their online behavior and habits, and not on a single point of authentication. Organizations can detect good users more accurately while improving the customer experience. Tracking behavioral patterns reveals who the real users are, and when it comes to fraud attempts, banks and payment providers can leverage that intelligence to identify cybercriminals.
Observing user behavior in detail is the best way to beat fraud. Hackers can steal PINs, phones, credentials and more, but they cannot replicate individual human behaviors. This allows organizations to identify their true customers no matter where in the world they are located and in a convenient, frictionless way.