Connect with us

Top Stories

Security vs. convenience: Delivering seamless, secure service experiences

Security vs. convenience: Delivering seamless, secure service experiences

By John Watkins, Industry Consultant: Fraud Strategy and Intelligence Division at SAS

Customer identity is a precious asset and a highly prized commodity. As the financial services industry has become more digitised down the years, customers’ digital identity decides what they can do and what online services they have access to.

This has been revolutionary for the customer experience. So long as the service provider is happy that customers are who they claim to be, they can access their account, make a transaction or take out a loan anywhere and at any time they want. Indeed, the speed and ease of this process has become a point of competition, with organisations vying to provide the most seamless and frictionless online experience possible.

However, in the rush for greater convenience, the industry can’t afford to forget about proper identity verification. The threats from identity theft and cyberfraud are growing more sophisticated and pernicious. Organisations must guard against this, but in a way that doesn’t penalise the innocent customer.

A global identity crisis

Digital identity is a convenient means of authentication, but the lines are starting to blur. The industry has woken up to the fact that online identities are malleable and spoofable. Impersonating customers online to commit fraud and gain access to their financial assets has become big business for cybercriminals. In 2017, identity fraud peaked in the UK with 174,523 cases reported by Cifas, with eight out of 10 fraudulent applications made online.

What’s more, these hackers are constantly innovating and adopting new technologies to stay ahead of security measures. Even popular, tried and tested measures like two-factor authentication have been compromised.

Cybercrime is fundamentally adversarial. A lone wolf or criminal outfit will probe every weakness in your verification system and will stop at nothing to breach your defences. You need to cover all your bases and ensure they have no place to hide.

At the same time, however, you mustn’t go too far in the other direction. You have a duty to protect your customers, but also to provide them with the best experiences – something an endless loop of authentication methods can never deliver.

The 5 senses of security

When you meet someone for the first time, you make use of all your senses to get a first impression of them. The same principle should be applied to online interactions with customers. Why wouldn’t you use all the information channels available to you to find out if the user is being honest?

The problem is that credit, fraud and risk managers and their staff too often make the call based on incomplete insight. This is because they only collect and analyse some of the data that’s on offer.

If you don’t consider every possibility, you’re only leaving blind spots to be exploited. For example, an authentication system may approve a request from cybercriminals simply based on the device they’re using. Yet if the system had checked the device’s location and the customer’s behaviour, the hacker would likely have been exposed.

The main data points to consider are:

Experiential information: The organisation’s previous interactions with and knowledge of the user based on an existing profile. Has this user been denied access before, and why?

Channel information: The channel or device the entity is using. Has the user accessed your services with a certain device before?

User behaviour: The behaviour of users while they’re interfacing with your services. Are they hesitating too long when asked to make decisions? Does their cursor move robotically?

Public record: Publicly available information on the customer. Are they accessing their services from their registered address? Does their given age match what’s on their driver’s license?

Group and risk analysis: Wider data from analysis of the market and threat landscape. Is the email address the entity is using part of a known fraud cluster?

Organisations don’t have to implement every data type into their verification process. Yet every new segment they do adopt vastly increases their chances of detecting and stopping fraud in progress.

Time waits for no one

However, data alone won’t protect you or your customers. Once you have the data and a process in place for discovery, you have to do something with it. While models do an outstanding job predicting fraud, rules stop it. At the same time, you need to act quickly. Customers won’t wait around if you spend more than 10 seconds weighing up their credentials. The process has to be seamless and instantaneous.

Yet the industry’s approach to authentication has sadly become segmented. There are thousands of point solutions that cover only one part of the verification process. They are rarely joined up and only waste customers’ time and patience. It’s critical that the process begins and ends with the customer experience in mind.

Turning insight into authentication

To turn insight into an authentication decision, organisations should consider an end-to-end solution. When a customer tries to sign-in or access a service, an orchestration platform should be set up to collect all the desired data points before sending them to a decision engine. The solution can then analyse the data and evaluate if entities are the customers they claim to be.

When the process for verification is unified and data-driven, passive authentication becomes a reality. The customer enjoys a real-time, seamless experience – no password required – while the decision engine rapidly confirms identity in the background. This is security and customer satisfaction all in one.

There is no silver bullet that will protect your organisation from cyberfraud in every event. However, when you have access to the right data and the capability to interpret and act on it in real time, you achieve the best of both worlds.

Editorial & Advertiser disclosure
Our website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.
Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate


Newsletters with Secrets & Analysis. Subscribe Now