The financial industry has made headlines over the years for witnessed breaches that have put hundreds of millions of consumer records at risk for malicious activity while bearing the costs of loss of trust and loyalty from new and evolving consumers.
According to IBM’s 2019 Data Breach Report, on average, data breaches cost financial institutions $13 million between July 2018 and April 2019 with the largest influence on cost being loss in business due to fragmented consumer trust.
While there is no changing the past, the financial industry now has the opportunity to take positive steps forward with advancing technologies. By focusing on consumer engagement, active security strategies and protecting consumers’ digital identities, this new decade may become the moment banks may take the lead in the fintech revolution.
Keeping pace with the now economy
The latest news on Venmo’s instant-transfer service highlights consumer demand for seamless services is growing exponentially. By introducing faster payments services for example, banks are able to meet these heightened consumer expectations, but it doesn’t mitigate the risk of fraud. Traditionally, banking institutions have used the lapse in payment completion as time to examine transactions and respond to anything suspicious.
Now, the pressure for speed has impacted the time available to ensure accuracy.
While banks must remain competitive and innovative, the opportunity to avoid fraud lies in how they register, identify, secure and bind consumer to their digital banking channels. Banks must account for fraudsters utilising social engineering or some form of account take over fraud to get access to legitimate consumer bank accounts. These instant and irrevocable transactions mean that banks must have a degree of certainty and assurance that each transaction involves legitimate funds that come from a legitimate bank account that ultimately reach the intended end user.
Typically, a customer will initiate a transaction through one of their bank’s digital channels, either through a browser or mobile app, in which case multi-factor authentication (MFA) (a combination of two of something you know, something you have, and something you are) becomes extremely important. In a partnership with Pymnts, we conducted a customer authentication study in which we found that 54% of consumers want to play a role in authentication strategies because they feel their chances of becoming a victim of fraud would decrease if they had more control over verifying their transactions.
The research showed that consumers would like banks to engage and involve them in mitigating fraud by giving them improved access to control features. When consumers are better informed about the security options available to them (as well as the services offered on their banking app), they tend to use the app more often and engage with more services. Additionally, a customer’s phone – something they carry with them all the time – can become the possession factor in multi-factor authentication, giving them a platform to easily validate, verify and authenticate each transaction.
Complementing compliance & security
One important thing to note as banking providers continue to adhere to regulatory compliance note is that compliance does not equal security. Compliance, while important, is a snapshot in time that should complement an active security strategy. Emphasis on an ongoing and continuous effort that advances in tandem with dynamic hacker methods is key to staying ahead of the issue. For example, the ISO 2202 Spec, an ISO standard for electronic data interchange between financial institutions, provides more mechanisms and actually puts a bit of an emphasis on the something you have aspect of MFA. It is a crucial element to building a trusted source between banks and consumer devices that is capable of providing non-repudiation, essentially guaranteeing message transmission via encryption.
Fraudsters are intelligent. They use multiple tactics to penetrate banking systems and gain access to valuable personal data and money. Every channel that a customer could use to communicate with their bank – from the call center to the mobile device or the online channel – is vulnerable to attack. By connecting the dots and securing the common factor across all these banking channels, financial institutions can create new opportunities for engagement while mitigating fraud. Maturing from the tradition of trying to secure individual channels to implementing strategies like omnichannel authentication will allow financial institutions to navigate new challenges in the new decade ahead.
By Sherif Samy, SVP North America at Entersekt