Holistic authentication is a critical deterrent to banking and payments fraud

Banking Payments Security
This article by Frank Moreno, Entersekt's Chief Marketing Officer, was originally published by BAI on April 1, 2024.

As money is moving faster than ever, fraudsters are seizing the advantage. In response, regulators are demanding a more secure environment as risk levels intensify and the impact of fraud is touching increasing numbers of consumers. But customers still want a simpler, more seamless experience. Siloed fraud management is not only hindering any move towards a seamless user journey, but the gap between banking authentication channels and online payment authentication is exposing organizations to more risk and disjointed customer experience.

There is no doubt that fraud management is getting more challenging for financial institutions (FIs). Identity theft and social engineering scams are becoming more sophisticated as artificial intelligence (AI) expands the reach of account takeover (ATO) and authorized push payments (APP) fraud with accelerated impact expected. In fact, the Federal Trade Commission (FTC) recently released its 2023 numbers and states that consumers reported losing over $10 billion in 2023, a 14% increase over 2022.

At the same time, regulators are cracking down on what they see as insufficient risk management. For instance, in March 2023, the U.K.’s Financial Conduct Authority (FCA) sent a detailed letter of concern stating actions PSPs must take to demonstrate appropriate consumer protections, or risk penalty. In the US, in addition to regulatory pressures, the state attorneys general are joining forces to hold banks accountable for consumer protections. This past January, the New York Attorney General sued a top tier bank for failing to protect and reimburse victims of fraud.

This has placed a real strain on institutions as they attempt to balance security with seamless customer experience and absorb the cost of fraud to prevent losing customers. FIs across the board consider excellent customer experience their highest priority and have tended to be reluctant to implement security measures that add friction to the experience. The reality is that strong security is about exceptional customer experience. And the advances in seamless authentication methods and AI-fueled risk data that silently authenticate make the vision of low-friction security within reach.

Mind the gap – the disconnect that allows fraud to flourish

Most FIs are managing authentication separately for each channel of customer engagement, for example, one vendor for online card payments and another for digital banking login. Fighting fraud with disparate and siloed channel-specific authentication tools results in inconsistent user experiences and vulnerable gaps that fraudsters exploit.

Consider a fraudster that secures a customer’s bank login credentials. If one channel detects an anomaly and blocks access, that fraudster will be simultaneously attempting all other channels to find the vulnerability. The fraudster may not have had all the necessary responses to pass the automated login controls, but they did have enough to penetrate the call center. Oblivious to the signals detected in the alternate channel, the representative facilitates access. It only takes one weak link to give access that can drain a customer’s savings within minutes.

Furthermore, with a multi-vendor strategy, the individual providers typically don’t share data or they require considerable integration effort to facilitate the exchange. As new banking services or channels are added, the new authentication vendors get tacked on, with imperfect connections and creating a spaghetti platform that is cumbersome to scale.

With a unified authentication provider, anomalies associated with the fraudster’s location, device, behaviors and more, can be detected in one channel and shared across channels in real-time, stopping fraud in real-time.

And when scaling to add new services or channels, a single provider supporting all channels through an API to a central platform supports the FI to seamlessly add new services and maintain a consistent level of fraud detection and user experience across the new offerings.

Customer experience and fraud prevention are not at odds

Many FIs have not yet recognized the impact their disconnected authentication strategy is having on customer experience. They are likely creating extra friction. With a context-based authentication approach a customer’s prior interactions and authentication preferences from any channel, can be applied in an ensuing channel minimizing incremental authentication steps.

Recognizing a customer across channels makes for a seamless experience, provides peace of mind and fosters loyalty as their banking interactions get easier, faster and more secure. FIs must break down channel silos, to create a more secure environment and a seamless and familiar customer experience.

There is no doubt that FIs want to improve their customer experience – it’s imperative as the competitive landscape evolves. And evolving even faster is the fraud landscape, empowered by AI technology that allows fraudsters to scale.

The winning FIs will be the ones that take a holistic approach to authentication. They will align with a cross-channel authentication provider that is seamlessly scalable to address evolving fraud and expanded bank offerings, a provider that innovates as rapidly as the fraudsters to solidify the marriage of fraud prevention and customer experience.

Further reading