While technology continues to evolve to help combat fraud, so do the strategies of savvy fraudsters. Protecting customer accounts, both consumer and business, has been a top priority for financial institutions everywhere for some time, but even more so now with the increased use of Internet and mobile banking channels. This is where transaction signing comes in. To keep account data safe, hold reputational damage at bay, and adhere to international requirements, financial institutions are turning to this powerful means of boosting security.

Transaction signing is used to verify the authenticity and integrity of an online transaction by requiring customers to digitally sign major transactions, such as large monetary transfers or online changes to personal customer details. This extra layer of security is especially important for business banking accounts because many small businesses are not able to spend enough time or money on fraud prevention, too often relying on their banking institutions to play this role. 

They hold their financial institutions responsible for securing the online and mobile channels. In fact, in Ponemon Institute’s 2012 Business Banking Trust Trends Study, 72 percent of U.S. businesses asserted that their banking institution is ultimately responsible for ensuring their online accounts are secure. This creates a potential liability issue for both the bank and the business.

Unlike consumer accounts, corporate accounts are not generally protected from financial losses stemming from account takeover fraud. In fact, many businesses are surprised to learn that banks have no legal or regulatory obligation to reimburse them for attacks, as federal regulations do not cover commercial accounts. 

Businesses’ and banks’ differing assumptions on liability in the event of fraud have generated a number of important court cases. While banks in the U.S. have generally done an adequate job adhering to the FFIEC guidance for high-risk transactions, several courts have deemed that simply following the FFIEC guidance is not sufficient. Applying the U.S. Uniform Commercial Code, courts are finding that affected banks could and should do more under an interpretation of what constitutes “commercially reasonable” information security.

In addition to the financial risk of potentially refunding business customer losses, banks experience reputational damage and ultimately run the risk of losing customers. Businesses that have been hit by fraud feel betrayed by the bank they thought was protecting their money and often take their business elsewhere. Banks are faced with the decision of whether to absorb the losses incurred by customers in account takeover attacks in order to retain their customers. The 2011 Business Banking Trust Trends Study by Ponemon Institute found that, in 78 percent of attacks, money left the financial institution before the attack was recognized, and in half of the cases the financial institution took all or some of the loss.

Adhering to industry standards and regulatory requirements is also a top concern for financial institutions. Since governments and regulatory bodies in several territories are embracing secure digital transaction signing by setting industry standards and enacting regulatory requirements, U.S. financial institutions that operate abroad must implement transaction signing solutions that meet the requirements of each of the nations they do business in. One of the strictest standards in effect is the Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines, which state that banking customers should be able to review individual transactions as part of a batch and sign them on an out-of-band device. Singapore is not the only territory implementing such requirements; others include South Korea and Taiwan.

Implementing transaction signing solutions is a must for banks that want to effectively protect themselves and their customers. Financial institutions wanting to offer online banking services to the corporate banking segment must provide a highly secure environment that meets stringent regulatory requirements at home and abroad. Whether required by regulatory authorities or not, transaction signing solutions ensure the authenticity and integrity of online transactions, helping to restore confidence in mobile and online channels, and to solidify the trusted relationship between banks and their customers.

For more information on why transaction signing is important for U.S. banks, download Entersekt’s new white paper, “The Importance of Transaction Signing to Banks.”

Entersekt editor