By Gerhard Oosthuizen, Entersekt's Chief Technology Officer
I’ve been involved in payments and banking for more than 25 years now and have seen the vital role that technology plays in digitally enabling FIs and their customers — and protecting them from fraud threats. Banks and credit unions need up-to-date solutions to, at a minimum, match the level of technology that fraudsters use today.
Responding to opportunist fraud vectors
Over the last 10 years we’ve seen the strong rise of social engineering as a mechanism to perpetrate fraud. Today it is present in most attacks. These attacks use fake personas and real customer impersonation to extract information and take over an account. Generative AI provides a means for even lower-skilled attackers to automate and scale their latest scams. The most severe of these target authorized push payments (APP) and faster payment fraud, where victims become complicit in stealing money from themselves, enticed by someone pretending to be helping them.
We’ve seen various industry and regulatory responses to try to stem the tide. In the UK, the banks are required to pay back fraudulent claims within 24 hours. Yet this has again led to an increase in friendly fraud where people under financial duress might claim a crime that was never committed or collaborate with the fraudster to play victim for a kickback. And at the recent UK Global Fraud Summit lawmakers proposed that the industry adopts a four-day waiting period for their faster payments to better protect consumers if fraud is suspected.
We’ve seen various industry and regulatory responses to try to stem the tide. In the UK, the banks are required to pay back fraudulent claims within 24 hours. Yet this has again led to an increase in friendly fraud where people under financial duress might claim a crime that was never committed or collaborate with the fraudster to play victim for a kickback. And at the recent UK Global Fraud Summit lawmakers proposed that the industry adopts a four-day waiting period for their faster payments to better protect consumers if fraud is suspected.
"There’s a technology failure in there somewhere. This is another indicator that fraud prevention teams must continuously look ahead to imagine what's coming next!"
We know fraudsters are good at what they do, and building and planning adequate protections into banking technology requires time. So, banks must start preparing now for the future, and getting that future protection right often hinges on innovation.
How does authentication innovation work at Entersekt?
These days, innovation rarely arrives in a moment of brilliance. There’s a long cycle involved that starts long before a unique solution presents itself. You need to know how the industry works and where it’s evolving too. Then identify how to address those future challenges and opportunities. In other words, it's an iterative process that starts with identifying potential risks in the banking ecosystem — even before they become a significant problem. Here's an example.
Concerns regarding customer privacy and browser tracking have been building up for a while, but the issue has only recently driven change in the industry, due to regulatory pressure and market sentiment. Entersekt has been thinking about privacy-friendly security for many years. We’ve always tried to balance customer choice and convenience. So, it makes sense that innovation in this space has followed. We have submitted various patents in this regard. Our latest ‘Frictionless SCA’ patent has been a long while coming — remember that the patent approval process can take a few years — this one was submitted in 2021 already!
Concerns regarding customer privacy and browser tracking have been building up for a while, but the issue has only recently driven change in the industry, due to regulatory pressure and market sentiment. Entersekt has been thinking about privacy-friendly security for many years. We’ve always tried to balance customer choice and convenience. So, it makes sense that innovation in this space has followed. We have submitted various patents in this regard. Our latest ‘Frictionless SCA’ patent has been a long while coming — remember that the patent approval process can take a few years — this one was submitted in 2021 already!
"The core drive behind this particular innovation is that stronger protection does not have to come at the price of great customer experiences, and that’s the challenge we set out to solve. Basically, enable a customer to continue engaging with their bank in a great way, while still being protected by Strong Customer Authentication (SCA)."
Basic SCA can introduce additional friction, which may lead to abandonment and lower customer satisfaction. How could we avoid this?
Once we’d identified the challenge, we ideated around various solutions to address this. We built on top of some of our previous innovations to devise a truly unique approach that achieves the best of both worlds. Every day we continue to further ideate on top of these unique concepts for future patents. Recently, for example, we submitted a patent application that looks at a destination digital account’s activity to try to detect mule accounts before they can be used in fraud.
That's how innovation works at Entersekt. We foster a culture of creative problem solving to ensure we remain a leader in authentication technology — by protecting our IP, the patents help us deliver value to our clients that no one else can provide.
Once we’d identified the challenge, we ideated around various solutions to address this. We built on top of some of our previous innovations to devise a truly unique approach that achieves the best of both worlds. Every day we continue to further ideate on top of these unique concepts for future patents. Recently, for example, we submitted a patent application that looks at a destination digital account’s activity to try to detect mule accounts before they can be used in fraud.
That's how innovation works at Entersekt. We foster a culture of creative problem solving to ensure we remain a leader in authentication technology — by protecting our IP, the patents help us deliver value to our clients that no one else can provide.
How do our digital banking patents benefit FIs
The old adage that ‘insanity is doing the same thing over and over again and expecting different results,’ couldn’t be more true in the field of technology. The reality is that problem solving and innovation go hand-in-hand.
That’s why, at Entersekt, our patents must address fraud challenges for FIs without disrupting their customer experience, and hopefully enhance those relationships. We’re innovating so that our FIs get solutions that:
That’s why, at Entersekt, our patents must address fraud challenges for FIs without disrupting their customer experience, and hopefully enhance those relationships. We’re innovating so that our FIs get solutions that:
- Are easy to use
- Improve security
- Scale to serve all banking channels and services
- Protect our clients’ privacy and right to choose
Our latest patent: Frictionless multi-factor authentication (MFA)
Our latest U.S. patent, ‘Frictionless SCA,’ covers our frictionless multi-factor authentication (MFA) solution, and is our 99th software patent (granted by the U.S. Patent office).
The idea behind the patent is to provide a solution that offers Strong Customer Authentication, while not adding any friction to the customer journey. It can bypass the active authentication step where you would usually have to enter a one-time passcode, a password or a biometric authentication on a separate device. That means banking customers get strong MFA, as required by the PSD2 SCA mandate, without an additional layer of challenge that interrupts their transactions.
The technique utilizes our Browser and App ID which uses silent cryptographic proof of possession rather than relying on fingerprinting or cookies — the traditional measures for a silent possession factor. Using cryptographic proof to identify devices is privacy friendly and qualifies as a possession factor in multi-factor authentication while providing the PSD2 required dynamic linking of the transaction.
This technology benefits financial institutions by reducing risk and financial fraud, while improving the customer experience, and ultimately pushing up transaction success rates.
It’s about finding the right balance between strong security and an excellent user experience. As the recent Liminal report, Customer Authentication – Market and Buyer’s Guide, concludes:
The idea behind the patent is to provide a solution that offers Strong Customer Authentication, while not adding any friction to the customer journey. It can bypass the active authentication step where you would usually have to enter a one-time passcode, a password or a biometric authentication on a separate device. That means banking customers get strong MFA, as required by the PSD2 SCA mandate, without an additional layer of challenge that interrupts their transactions.
The technique utilizes our Browser and App ID which uses silent cryptographic proof of possession rather than relying on fingerprinting or cookies — the traditional measures for a silent possession factor. Using cryptographic proof to identify devices is privacy friendly and qualifies as a possession factor in multi-factor authentication while providing the PSD2 required dynamic linking of the transaction.
This technology benefits financial institutions by reducing risk and financial fraud, while improving the customer experience, and ultimately pushing up transaction success rates.
It’s about finding the right balance between strong security and an excellent user experience. As the recent Liminal report, Customer Authentication – Market and Buyer’s Guide, concludes:
“Balancing a secure and easy-to-use authentication solution is one of the primary challenges facing practitioners today. Many organizations operate under the misconception that heightened security must inevitably lead to increased user friction; however, the current market is abundant with solutions that can optimize for both.”
Our continuous innovation and patented technology are part of the way we are making that a reality.
Read our press release to learn more about our ‘Frictionless SCA’ patent.
