Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Moving past the password: how banks can keep customer data safe

Andrius Sutas, CEO and co-founder of AimBrain 

In 2018, security is a more salient – and more challenging – issue than it’s ever been before.

For mobile banking alone, last year’s overall number of Trojan virus attacks was twice that of the year before, and a 17-fold increase on 2015’s. McAfee detected 16 million mobile malware infestations in Q3 2017 alone: double that of Q3 2016.

Mobile enables new products, superior segmentation, remote onboarding, and a host of other benefits, but unfortunately, these advances extract a price from banks and financial services institutions. With every new tool comes a number of new attack vectors for criminals to exploit: new opportunities to coerce, dupe, and violate in pursuit of data, money, or simple mischief.

To defend themselves and their customers against these malicious forces, banks have largely focused on verifying devices, rather than people – using passwords and biometric authentication. These approaches have, however, addressed the symptoms rather than the disease. Without verifying the person, authenticity is never fully assured: if credentials can be acquired with an educated guess, a dash of plausible-sounding charm, or even interception, those credentials are not secure. Enterprises that continue to rely on passwords will be at the mercy of their considerable weaknesses.

So how can banks and financial services organisations safeguard customer data – without risking noncompliance with the law, or compromising the freedom and flexibility provided by new technology?

Banking on biometrics

For today’s and tomorrow’s challenges, the best solution is to add additional layers of security. This is achieved most easily and effectively with biometrics, which assure the authenticity of the user, instead of the device used.

A person’s face, fingerprint, or voice is an effective means of verification because it is not easily duplicated and it is not a secret that can be teased out. Anyone can find out anyone’s mother’s maiden name; it’s somewhat harder to steal their face.

This isn’t to say that biometric authentication is flawless: some less sophisticated gateways can be beaten with a video, or a voice recording. But good security is about layers: it shouldn’t matter if it is theoretically possible for a hacker to beat one level of a KYC check, because they will ideally have to also beat layers two, three, and so forth. Passwords don’t work because if a hacker has it, then they have it – and they only had to overcome one challenge for the privilege.

But which challenges can banks add for those with malign intent?

Passive bot detection

 Prevention, as they say, is the best cure. Passive bot detection allows banks to feed industry or institution-specific fraud data into a passive anomaly detection module – alerting organisations to the earliest signs of suspicious behaviours. Though it’s used largely for bots, it can also detect troubling behaviours from manual (i.e. human) users, and from as early as the onboarding stage.

Multiple biometrics

Why create an obstacle for hackers when you can create an obstacle course? Multiple biometrics allows you to combine and layer challenges for hackers, including voice, face, bot detection, and behavioural analysis – creating unique systems comprised of ‘step-up/step-down’ security rules and weightings on particular outcomes. The yes/no dichotomy of passwords is replaced with a complex, evolving, in-session risk-based assessment that can discern user authenticity on an ongoing basis.

AimBrain’sAimFace/LipSync solution is one example of a multiple biometrics-based solution: it combines facial authentication with a voice challenge and lip synchronisation analysis. Customers can enrol or access their account by simply taking a selfie and reading a randomised number. If it sounds straightforward, it is – and it’s impossible to spoof using any method available as of this writing.

Simple, yet smart

Finally, simple and smart tests can be combined using the latest anti-spoof and liveliness detection tools – merging simple user challenges with time-sensitive outcomes built on a foundation of artificial intelligence. Facial authentication, for example, can be combined with in-session audio prompts. It’s secure, it’s straightforward, and it highlights the principal benefit of biometrics: they’re right there, in plain sight – and with technology, can be completely useless to cyber criminals.

Secrets are fragile and dangerous: they’re there to be guessed or stolen, and in 2018, are no means of protecting customers or institutions. A modern bank can’t fully contend with fraud until it learns to anticipate it. A true biometrics partner can help an institution do just that: moving beyond the password and toward a future where the customers themselves – instead of their devices – are the best defence against attacks on their data and assets.

AimBrain is a BIDaaS (Biometric Identity as-a-Service) platform for global B2C and B2B2C organisations that need to be sure that their users are who they say they are.