Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


By: Ryan Wilk, Director of Customer Success, NuData Security

Last year, cyber criminals got ahold of hundreds of millions of records containing the personal data of customers across all industries. Name-brand retailers were hit particularly hard, sometimes in ingenious ways, and at least one major bank suffered an embarrassing large data theft. IT teams are not usually run by psychics, so they must do their level best to protect user data – and their best often proved to not be good enough. That’s because hackers are insidious in their ability to keep creating new attack vectors.

Many times, the sought-after commodity is credit card numbers, which malicious actors use on other e-commerce sites or sell to fellow criminals. While dealing in stolen financial data is still a lucrative endeavor, a shift is occurring in the value of another commodity: usernames and passwords. Because many people use the same credentials across multiple Web accounts, a cascading effect occurs if a hacker gets hold of those credentials. Suddenly, all those accounts can be accessed – including emails accounts, if those credentials work for email as well.

Banks employ a variety of methods to safeguard their users. These methods include authenticating users by sending an SMS message to a user’s cell phone and Knowledge Based Authentication(KBAs), in which users answer pre-defined questions (“What’s the name of your first pet?” “Where did you meet your spouse?” etc.) While these methods provide an added layer of protection,they also add customer friction, potential customer insult and lost conversions, all of which a business wants to avoid.

A newer user validation method works in a much different way: it focuses on the subconscious aspects of a user’s behavior. This grants insight intowhether they really are who they claim to be. These are called subconscious metrics, and they look at how a user functions at the most basic level – just below the level of awareness. In day-to-day life, this can be as simple as always putting on your left shoe first. When online, it’s more complex, like the speed you type your email address into a username field on a website. These experienced-based data points are unique to the user and very difficult to mimic or forge. The collection of this data is 100 percent non-intrusive to the end user and gives you the ability to monitor, authenticate, verify and gain confidence in who your users are, all in realtime.

Brute Force, Username Testing and Account Testing are some of the methods used to take over accounts, one of the most popular forms of identity theft today. For anyone trying to protect their web or mobile user accounts from such schemes, the concept of subconscious metrics is an exciting one. If you can verify that the username and password entered are correct and also that the subconscious behavioral patterns matchprevious interactions, you can feel much more comfortable allowing that user to proceed. The opposite is true as well; if the user comes back with the correct username and password but the subconscious behavioral elements drastically differ from prior interactions, there is now powerful intelligence available to protect both the account holder and the overall brand.

It becomes much more difficult for a fraudster to impersonate a legitimate user when behavioral profiles are being used as a fraud detection method, because these profiles are composed based on hundreds of subconscious behavior measures. This allows us to determine that a change in a user’s behavior is not malicious, like using a computer instead of a smart phone, while still providing insight that a majority of the behavioral elements displayed by the user are accurate. Most of today’s authentication systems may have created customer friction based solely on a user logging on from a different device.

Avivah Litan, security and privacy analyst for Gartner, encapsulated the current fraud security zeitgeist in a recent research note: “The ultimate goal of OFD [online fraud detection] is: continuous behavioral profiling of users, accounts and entities.”A best practice for financial institutions looking for an authentication approach is to search for one that creates the most accurate behavioral, account and entity-profiling model available.

The best option for success in user validation is to gather and analyze a huge number of data points to discern who is really responsible for a transaction. This is called complex behavioral biometrics. The subconscious aspects of this behavior elevate our strategy so firms have a powerful weapon to protect their community of users against dangerous attacks such as account takeover and identity theft – and do it absolutely passively.

Zeroing in on subconscious behavior measures is an exciting new option in the fight against online fraud. It is a comprehensive method that greatly increases the likelihood of financial institutions being able to detect fraudulent behavior and, subsequently, keeping customers—and your bottom line—safe.