Tackling Payment Fraud with Multi Factor Biometrics

By James Stickland, Chief Executive Officer at authentication platform Veridium, 

Financial Institutions Failing to Keep Up

There is an undeniable paradigm shift occurring in how customers want to manage their finances. The growing popularity of online banking has seen thousands of bank branches and cash machines disappear from high streets across the country. Consumers increasingly value the convenience digital banking platforms offer, and are now the preferred method for over two-thirds of British adults, with 48 percent using mobile banking[1]. However, this has invited a new stream of cyber threats into the financial services sphere. To counteract this, regulations to optimise consumer protection have been created, such as the fast-approaching Strong Customer Authentication (SCA) in the UK and the New York Department of Financial Services (NYDFS) cybersecurity regulation in the U.S. SCA urgently requires banks and payment providers to add additional layers of authentication on payments, to mitigate the risk of payment fraud. Customers and regulators also continue to recognise that SCA needs to be redefined in order to be relevant, and to meet the digital requirements associated with customer expectations.

Pressure is now mounting on financial services organisations to keep pace with these evolving market dynamics, and are investing in innovative digital authentication measures to safely support the changes. With competitive differentiation and brand reputation on the line, and customer confidence being a key issue, it is crucial that a move to digital mobile multi factor authentication enhances user experience, and does not impair the frictionless customer journey.

The Need for Biometrics

James Stickland
James Stickland

In 2019, one in five UK adults were impacted by online card fraud[2], reinforcing the need for the banking sector to better protect the abundance of data they are entrusted with. This year, the expansion of 5G networks will roll out wireless broadband that is 100 times faster than its predecessor, creating more opportunity for hackers to penetrate vital data.

Organisations see value in replacing passwords with biometrics, as this easily compromised security measure accounts for over 80 per cent of data breaches[3]. Furthermore, forgotten passwords are costing businesses $1.9 million a year in resets[4], negatively impacting productivity across the business. As a result, financial institutes are recognising the need to turn to using a strategy that incorporates a biometric authentication solution as a more cost efficient, safer alternative.

Creating a Digital Identity

A fundamental issue with passwords is that they fail to confirm the true identity of the user. In order to ensure financial services organisations know their customer, they need to replace legacy authentication techniques, requiring a migration from ‘what you know’ to ‘who you are’. Implementing this technology will enable firms to meet PSD2 requirements, and create a verifiable digital identity for their customers.

Leveraging a mobile-first authentication strategy for consumers will become the standard approach in the coming years, as we witness device possession emerge as a key factor and native biometric technology become present in 90 per cent of smartphones by 2024[5]. This highlights the growing consumer preference for a seamless user experience – a trend that is now a key business differentiator that banks must prioritise in order to avoid customer churn to market disruptors. More and more customers expect a seamless and convenient authentication process as part of their digital experience, with minimised time and effort spent logging in. A simple user experience goes a long way towards hitting customer satisfaction targets; by evolving to match changing expectations, financial institutions can distance themselves from competitors.

Urgent Call for Unique Methods

The increasingly complex nature of malicious activity is calling for more unique methods to safeguard our valuable data. According to a recent Private Industry Notification issued by the FBI[6], cyber threats have become sophisticated in order to deceive legacy two factor authentication, through phishing, intercepting one time passcodes and password compromise. In order to provide irrefutable identity verification and achieve fraud reduction, device possession and biometric identification should be integrated into next generation authentication, which incorporates implicit intelligence and behaviour.

Collecting artificial intelligence (AI) on how the user interacts with their services is key. This is where behavioural biometrics – which track unique patterns of behaviour such as activity, time of day, and geolocation, as well as leveraging the phone’s telemetry – are perceived as the next step in increasing security, without impairing user experience. These technologies collect data to prove identity at point of interaction, which is critical when executing transactions, including payments. These additional layers harness AI in a way that can even tackle sophisticated identity scams, which forge video and audio to deceive banks. The number of deepfake videos rose to 14,700 last November, compared to 8,000 in December 2018[7].

Banks are finding that they are unable to prevent payment fraud with a single authentication method, therefore, a multi factor approach is being viewed as crucial. With reduced reliance on passwords, companies can make strong authentication a priority in their digital transformation journey. This will improve employee productivity and enable customers to safely use digital financial services in a frictionless way, by enhancing the security and overall customer experience, whilst keeping costs low.

Related Articles