Poll reveals 100% of FIs still rely on outdated SMS OTPs for authentication
By Mzukisi Rusi, VP Product: Authentication & Identity
In a recent webinar for Q2 customers entitled 'Defeating evolving fraud with dynamic authentication,' my colleague, Steve Bledsoe, and I walked through why many banks and credit unions need to rethink their fraud prevention strategies. In particular, we looked at financial institutions (FIs) that still rely on outdated authentication measures like one-time passcodes (OTPs) to prevent today’s innovative fraud threats.
Our live webinar poll revealed something very interesting in this regard: 100% of the respondents currently rely on OTPs as part of their fraud prevention strategies. Needless to say, this warranted more investigation, along with other key insights that we discussed during the webinar.
The current fraud landscape in online banking
To kick off the webinar, we discussed what the current fraud landscape looks like. Steve pointed out that FIs need to safeguard their customers from the never-ending cavalcade of traditional digital banking attacks like phishing scams. FIs need measures in place to block these 'old-school' attacks, as he put it, because they "still work and are getting carried out with success." Case in point: Finextra recently reported that card-not-present (CNP) fraud is up by 26% in the first half of this year.
Unfortunately, the fraud prevention challenges for FIs don't end there. They are not just targeted by long-standing cyberattacks, like phishing, SIM-swap fraud and man-in-the-middle attacks. With the rapid advances in artificial intelligence (AI), fraudsters have far more at their disposal to carry out sophisticated fraud attacks.
As Steve pointed out, "You've got multi-channel, cross-channel [digital banking] attacks... and if you couple that with where the market is going, and those attack vectors with things like irrevocable payments... it's kind of an unsettling place [for FIs] to be."
That's why there's a clear need for more advanced authentication or fraud prevention techniques – to protect FIs and their customers from the full spectrum of attacks.
Evolving fraud requires innovative financial authentication solutions
OTPs are still in use today despite being introduced as a fraud prevention mechanism more than two decades ago. As I highlighted in the webinar, "OTP, a one-time passcode, is still the dominant authentication mechanism in this landscape where fraud is quite advanced."
Here's what I mean. Fraudsters are continuously innovating to overcome any new barriers the industry puts in place, such as using vishing attacks to counter out-of-band push notifications. FIs therefore need modern authentication solutions to keep pace with the latest threats. And OTPs are easily intercepted.
When authentication solutions have more context available, or as Steve explained, "good quality signals, understanding where the signals come from, and how they correlate to activity and behavior," they’re better equipped with the tools to fight the latest fraud threats.
Next steps to futureproof digital banking authentication
Unfortunately, not all FIs receive the risk signals they need to adequately protect their customers. Our webinar poll revealed that only 16% of respondents receive risk signals. Coupled with the fact that only 40% of those FIs protect high-risk use cases like internal transfers in their fraud prevention approach, banking customers are potentially exposed to several fraud risks.
And that's where Entersekt comes in. As we deploy our product capabilities on the Q2 platform in phases, we are beginning to see the expected data trends that confirm and solidify our next product roadmap items.
Since onboarding several financial institutions into the Q2 digital banking ecosystem, those intriguing data patterns are shaping the future of our solution enhancements within Q2. Looking ahead, these insights will enable us to strengthen security by expanding our view of trusted devices, detecting suspicious activity, and proactively preventing advanced fraud attacks before they occur.
If you’d like to learn more about Entersekt’s dynamic authentication solutions, and how to protect customers from extant and new fraud threats, watch the full webinar below, featuring this blog's author, Mzukisi Rusi, and Steve Bledsoe (Senior Director: Solutions Consulting):
This webinar was the first installment in our ‘First line of defense’ series, aimed at helping Q2 customers adopt a modern fraud prevention approach and remain a step ahead of evolving fraud. Learn more about our fully integrated solutions for Q2 here.