Financial institutions do not have to choose security over user experience to stop fraud
Cyber fraud is rife in the financial industry, making it a big thorn in the side of banks and financial services companies that must continually switch up their digital services and security to stay a step ahead of fraudsters.
It’s a balancing act on tricky terrain for banks. Their customers want an awesome user experience and innovative services with seamless interaction with their digital accounts on all their favourite devices, from anywhere. They also want the reassurance that their money and personal details are safe.
Financial institutions want to give them all of that and more. On the flip side, some cyber criminals make it their business to bypass security measures and hack into systems to steal money and information.
“Financial institutions do not have to choose between innovation and security. It is possible to achieve the perfect balance between offering great, seamless usability and keeping digital services and transactions safe. It sounds like a cliché, but the best way to prevent internet banking and payment fraud is to stop it before it happens,” says Charl Ueckermann, Group CEO at AVeS Cyber International.
He says the practice of “Know Your Customer” (KYC) is one of the most significant elements in the fight against cyber crime, new account fraud, account takeovers and money laundering in the financial sector. “Know Your Customer” is the process that institutions use to verify the identities of their customers and determine the risks they could pose. “Know Your Customer” allows institutions to protect themselves by confirming that they are doing business with legitimate people and allowing legitimate users to access digital services and transact on their digital platforms.
“Cyber criminals imitate customers, which is why it is crucial for financial institutions to accurately confirm the identity of every person trying to log in and transact on their digital platforms. In the digital space, institutions rely on electronic ways of identifying customers. Although two-factor authentication has been the mainstay for this for years, it is not enough anymore. Most data breaches are the result of weak or stolen passwords.
“With the increasing complexity and diversity of means for accessing digital accounts, financial institutions need advanced authentication measures to confirm that the people who are trying to access their digital services are, without a doubt, genuine customers.
“They should also be analysing user behaviour to build patterns of legitimate and fraudulent behaviour, as well as monitoring behavioural biometrics to build user profiles based on mouse, keyboard and mobile phone usage.
“This is to prioritise legitimate users and offer them a seamless customer experience without irritating and unnecessary authentication steps while detecting and stopping suspicious ones in their tracks. Monitoring user environments also helps to profile users’ context information, such as devices, network and geo-location to identify anomalies that could indicate suspicious or fraudulent activity. It takes the practice of KYC to the next level,” says Ueckermann.
He adds that real-time analysis of biometric, behavioural and environmental data, as well as advanced, risk-based authentication, can help financial services companies reduce two-factor authentication costs.
Advanced machine learning goes hand-in-hand with “Know Your Customer” and is another powerful weapon in the fight against cyber-related crime in the banking sector. Powered by artificial intelligence, advanced machine learning can spot fraudsters and bots impersonating customers to prevent attacks before they occur.
“Advanced machine learning learns from normal customer behaviour patterns and quickly picks up when something is ‘out of character’. Companies can monitor and analyse user sessions for events like bots, malware, remote admin tools, new and unknown devices, and web injects.”
Advanced authentication technologies and machine learning models currently represent the most formidable defence against cyber-related crime and fraud in the financial services industry. They are also the least invasive to the customer experience when compared to two- and multi-factor authentication methods, which can hamper user journeys.
Ueckermann adds that ongoing communication with customers about transacting safely online should also be part of every organisation’s fraud prevention strategy as the effectiveness of fraud-prevention technologies is bolstered when users are savvy.
Online banking customers can keep themselves safe by:
- Using multi-factor authentication.
- Keeping their one-time PINs safe and private. No legitimate company will ever ask customers to share PIN numbers.
- Installing anti-virus software on all devices that are used to transact online. This is especially important for Android devices. Android banking malware in SA is abnormally high compared to the rest of the world.
- Only downloading legitimate apps from the Play Store or App Store. Malware is more common on Android. Even apps that seem insignificant, like torch apps, may be malicious.
- Being careful about giving permission to apps to access contacts, location, messages and other information on their devices.
- Using different/unique passwords for different platforms. Using the same passwords for all apps and platforms is risky.
Ueckermann concludes: “Surveys show that more than 70% of enterprises are looking for security solutions that do not significantly affect user interaction with their digital services. With advanced authentication and machine learning, institutions have the capability to extend innovative digital services to genuine customers without causing any additional friction. Importantly, they have the power to detect and stop fraud before it happens, and demonstrate that 'prevention is better than cure'.”