Consumer demand for mobile banking has risen dramatically in recent years. The expectation is that banks must provide their customers with a truly seamless mobile banking experience, or risk losing them to competitors that do, writes Sam Bakken, Senior Product Marketing Manager at OneSpan, an authentication and digital identity verification product company.
A 2019 survey found that 59 per cent of consumers have used mobile banking, up from under half in 2018 and it is anticipated to overtake the use of high street branches by 2021. Whether it’s for checking their balance, making payments or transferring money between accounts, consumer demand for mobile banking is showing no signs of slowing down anytime soon. Yet it doesn’t come without its challenges. For instance, the number of mobile malware attacks nearly doubled in 2018 – from 66.4 million in 2017 to 116.5 million – and mobile account takeovers increased by 79pc. Financial institutes are finding it tough to keep up with criminals who are constantly innovating, resulting in more customers’ sensitive data being stolen and reputations taking a hit.
Financial fraud alone cost UK banks £1.2 billion in 2018 and despite the introduction of biometric technology in an attempt to counter fraud, there’s still a clear need for additional layers of authentication that enhance This is where behavioural biometrics can play a significant role, as they ensure that an active authentication challenge that disrupts the user experience is only required when absolutely necessary.
Fraud detection
‘Active’ biometric authentication is already widely used by banks, financial institutions and many other businesses alike. Security has improved thanks to the likes of fingerprint scanning and facial recognition, with these methods now seen as cornerstones of modern customer authentication processes. However, with the rising usage of mobile banking, cyber crooks are following suit and targeting mobile channels much more heavily. Using sophisticated methods to exploit their victims, criminals are still gaining the upper hand over consumers, presenting a substantial need for a context-aware approach to authentication. Any security protocols also have to protect a user’s sensitive data while remaining completely invisible – i.e. not affecting the customer experience.
Enter behavioural biometrics. This technology enhances authentication capabilities by collecting data points to provide insights on how a specific user naturally interacts with his or her device. This data is then compared against historical data to determine a risk score.
Behavioural biometrics works constantly in the background, rather than only at the moment of authentication. Data from innate human actions are used as metrics, such as the angle at which a user holds their phone, swipe patterns and keystroke dynamics, to continuously authenticate the user’s identity. This is a completely unseen authentication method and it provides a continuous security protocol that ensures only the verified user can carry out banking activities.
Users can safely roam mobile banking platforms, completely unaware that behavioural biometrics is working in the background. That’s why more and more financial institutions are integrating behavioural biometric technology in conjunction with other methods of authentication, in order to reduce friction and, most importantly, strengthen their ability to detect fraud attacks.
Making the best of behavioural biometrics
While behavioural biometrics is becoming a sought-after tool for detecting financial fraud, there are still some key considerations for banks and financial institutes when it comes to implementing the technology for authentication.
The first thing to keep in mind is that behavioural biometrics is just one way of securing users. Working in the background as an additional layer of protection, behavioural biometrics should be used along with a risk analytics engine and a mobile security solution to establish trust with the mobile device being used.
The data gathered can then be filtered into a much broader fraud analysis context that is complemented by other authentication processes – such as push messages, biometric parameters and geolocation data. This intelligent risk analysis lets banks accurately detect anomalies, such as a change in typing pattern, in real-time.
It’s also important to keep specific use cases in mind. Banks should define different low and high-risk use cases, adjust the required scores for the level of risk involved, and also decide which behavioural actions need to be measured for their particular use case.
Finally, banks need to be mindful that no single authentication method can provide a complete answer to fraud prevention. Behavioural biometrics alone can’t remove every false positive and negative, but it can play a major role in reducing the number of them by limiting user actions, such as entering a one-time password or facial recognition authentication, to a minimum.
In essence, behavioural biometrics is enabling banks and financial institutions to significantly enhance their authentication processes – helping to drive down financial fraud caused through account takeover – without negatively impacting a verified user’s experience. With the likes of fingerprints, facial recognition and other active biometrics becoming commonplace, the financial industry is certainly taking its authentication processes in the right direction. However, it’s rapidly becoming evident that embracing behavioural biometrics is the next step in effectively tackling financial fraud.
