By Ian Holmes, Global Lead for Enterprise Fraud Solutions at SAS
Technology has transformed the world of banking, bringing all manner of new services to the table and revolutionising the way that customers manage their finances.
Gone are the days of fixed branches and localised appointments. Today’s banking is done with the click of a button. However, technology has also brought with it new challenges, particularly in regard to identity and authentication. These two things are no longer as easy to achieve as they used to be.
Customers can interact with banks through a growing number of channels. As a result, there are myriad factors that banks need to take into account to facilitate the different options.
The question of when and how to authenticate identity has become particularly important, as has the data that is used and the processes that are put in place to ensure strong customer authentication compliance. What’s more, consumers now expect unified services with a seamless experience and will have no qualms about going elsewhere if banks can’t provide them.
What is identity and authentication?
Before answering this question, it is important to clarify what we mean by identity and authentication, and how the terms differ. Organizations use identity to ensure that only authorised individuals can access information for the appropriate reasons. Authentication, on the other hand, is the key in the lock for identity, allowing customers to go on to execute transactions.
Authentication is required in all channels of interaction, and there are varying means to achieve it. For example, banks can use knowledge factors such as passwords, possession factors such as ID cards or authentication tokens, and inheritance factors such as biometrics to verify users. Each factor has its own unique challenges, however, presenting various security flaws such as weak credentials or the risk of losing physical tokens.
Moreover, in the era of digital banking, criminals can counterfeit many pieces of information to compromise user identities. This has devastating consequences for all involved, whether it be customers whose data is compromised or banks whose reputation is damaged. Identity theft is clearly a grave threat.
The extent of the problem
Identity fraud is a growing concern that affects both businesses and customers, especially when fraudulent activity affects innocent people’s credit scores. It has therefore become vital that banks take action to preemptively detect identity theft. But this is, of course, much easier said than done.
Modern hackers are using powerful tools to steal identity information. For example, geospoofing enables criminals to use intermediate computers to hide their IP address and appear in a location that matches the stolen credentials. Elsewhere, hackers are implementing bots that use automated scripts to guess passwords.
The extent of the identity problem becomes clear when we look at the statistics. For example, research shows that it takes the average victim seven months to become aware of identity fraud,. In some cases, it can even take years.
What’s more, once an attack is discovered, the average cybercrime victim in the UK spends 14.8 hours dealing with the aftermath. These are worrying facts, considering the large volumes of money and sensitive data at stake.
With all this in mind, if the established players can’t provide a strong anti-fraud service via a user-friendly authentication system, it will only be a matter of time until consumers take their custom to more agile fintechs and challenger banks. So how can these problems be resolved?
The AI solution
Proving identity is the critical first step in preventing theft. After all, only when you have confidence in the interaction can you begin to validate the other requests. However, the greatest problem is gaining this confidence, and the rise of remote requests increases the challenge.
If it is true that technology has complicated matters with regard to identity and authentication, it is also true that it holds the key to resolving the problem. For example, AI-enabled programmes are now capable of authenticating payments in real-time. They can also quickly recognise fraudulent attempts to steal logins or log counterfeit payments.
Despite this, an alarmingly small number of financial institutions are leveraging the appropriate solutions. Research shows that only 10% of organisations are actively using ML analytics to orchestrate authentication. While 50% are in the process of implementing these solutions or have them on their road maps, a worrying 40% are not.
With this in mind, banks need to take steps to prove the value of AI and advanced analytics. In addition, they must demonstrate how these solutions can bring new levels of flexibility and convenience to customers.
AI and advanced analytics are helping banks to preemptively detect identity fraud rather than having to deal with the aftermath. By learning the “normal” behaviour of customers, they can limit the number of false positives and unnecessary challenges. This helps to reduce customer frustration and friction while maintaining security in the process.
The sooner you invest, the sooner you benefit
Technology has changed the face of identity and authentication. The benefits brought to banking are significant and the risks of inaction rapidly expanding. When innocent people begin falling prey to cybercriminals, it dramatically affects the user experience. This is a key issue for banks to overcome in the era of open banking and digital payments.
For all the benefits that AI and advanced analytics bring, there is an alarming lack of adoption in the industry. As a result, it falls to the banks themselves to become the driving force for change and to demonstrate the business value that these solutions bring to financial services.
Those who fail to implement powerful AI-based authentication will soon feel the impact on the bottom line as customers flock elsewhere in search of increased security and a smoother journey.
The post #Privacy: The identity challenge, how can banks know who’s who? appeared first on PrivSec Report.