In a recent interview with PYMNTS, I discussed today’s fraud landscape and how authentication that is ‘good enough’ is no longer able to offer adequate protection for financial institutions (FIs). Essentially, we’re in a perpetual arms race with fraudsters. When we build a higher fence, they build a higher ladder.
But here’s what FIs can do to not only win the battle but also stay on the front foot in the war against digital banking fraud.
Fraud prevention across all banking channels
Banking customers interact with their provider using a variety of channels like the phone or mobile network, email, web channels and call centers to name a few. As a result, they’re able to conduct their banking when and how they want. However, FIs need to ensure all those channels are secure.
What’s usually the case is that institutions use different fraud prevention providers to cover specific channels, which creates a piecemeal or siloed approach to security. That means that fraud and risk intelligence data is not shared across these channels, resulting in gaps in security.
Yet, upgrading their customer authentication tools may not feature high on an FI’s priority list, due to constraints like budget or a lack of technical skills. Or perhaps the FI hasn’t been hit hard by fraud – yet – and they think one-time passcodes (OTPs) offer good enough protection.
But if you haven’t levelled up your fraud prevention technology, you’re setting up a ticking time bomb for the day when your customers are going to be compromised by either a targeted or blanket attack.
Banking and payment authentication: Friction vs security and trust
So, if banks need to elevate their security, does that not add more friction to customer transactions, and potentially reduce revenue? The short answer: nope. Not if it’s done right.
Risk-based authentication that steps up authentication when there’s a high-risk or suspicious transaction might mean more friction. But that’s not always a bad thing. That’s a paradigm shift that I think we need to make in the industry. The expected friction may not happen all the time, but when it does, it lets the customer know that their FI has their back. And that builds trust, increases deposits and grows the customer base.
Here’s an example. You’ve got Bank A. They might have a static approach that routinely steps up friction during a transaction. Then we have Bank B. They use a holistic approach to introduce levels of friction into the mix that customers want — according to their own directives, such as dollar amount or transaction type.
So, which bank do you think will be used more often? Usually, the one that takes a more proactive approach in protecting their customers.
Keep fraudsters out with Entersekt’s modern authentication
Think of Entersekt as your first line of defense against fraud. Our cross-channel solution protects all banking channels, helping FIs quickly and easily differentiate a genuine customer from a fraudster.
How do we do this? One way is by creating a trusted ecosystem of devices or endpoints. Our technology binds a real-world identity to a device and makes sure that the device is trustworthy.
When authentication technology also includes the context of customer transactions, you’ve got a fraud-fighting all-star.
Context-based authentication is critical for customers and FIs
Understanding and sharing the context of each transaction across channels gives the risk engine the data it needs to make the right decisions. If we look at Entersekt’s Context Aware™ Authentication, it has two aspects to it.
One part of that context is device context – a security context:
- Have we seen this device before?
- Does it have a reputation associated with it?
- What kind of signals are present?
The other piece of context, that’s sometimes overlooked, is providing the end users, the account holders, with the context of what’s going on with their banking activities. Here’s an example of how context helps customers.
The customer receives an OTP from their bank on their phone. And all it says is: ‘Here’s your one-time passcode. We’ll never ask you for this.’ But the end user doesn’t have any idea what that OTP was requested for. Is someone trying to reset their password? Is the OTP old?
To resolve their confusion and concerns, they need to know the context of that authentication. At Entersekt, we provide that. We provide context about where that password reset, for instance, is coming from. ‘Hey, it’s originating from an Android device, a Pixel 7 over in Washington State.’ And if that customer is three states away and doesn’t own a Pixel 7, that is critical information to help them be an active participant in their own security. They can press Decline and rest assured that their bank has got their back.
And that builds trust with customers.
Fraudsters have access to all the latest technology to create sophisticated attacks and scale them. So, FIs need to level up their fraud prevention solutions to provide effective protection. At Entersekt, we get that, and we’re here to help.
In case you missed the first webinar in our First line of defense series, where I chat with my colleague, Mzukisi Rusi (our VP Product: Identity & Authentication) about defeating evolving fraud with dynamic authentication, you can access it here.