Lloyds Digital Banking: Blazing the Trail for Friction-Free Fraud Prevention
Posted July 13, 2016
Fraudsters have been quick to exploit digital banking channels to steal card data, access customer accounts and even create new ones using stolen identities. It’s also become very clear that not only do banks need to improve fraud prevention, but they need to do it in a friction-free way that doesn’t impact the customer relationship and lead to more financial losses.
One bank leading the way on this is ThreatMetrix customer Lloyds Banking Group. With over 30 million customers, 11 million online banking users and 6.5 million active mobile users, it’s one of the UK’s leading high street banks, and one of the largest globally. Its experience implementing next-generation fraud prevention via its digital banking channels is a great example to others in the industry facing similar challenges.
Threats on the rise
Financial institutions are a prime target for fraudsters. Even in Q1 this year, traditionally a low transaction season, attack levels remained high. Some of the biggest global banks sustained 10-15 million automated bot attacks during peak days, according to the Q1 ThreatMetrix Cybercrime Report. It’s not just bots that are the issue. Fraudsters are combining a wealth of breached data comprising stolen identities alongside sophisticated cloaking technologies like TOR and proxies to hide their true identity. They’ve also ramped up social engineering attacks on digital banking customers designed to trick them into divulging personal information or into executing a fraudulent transaction on their behalf.
The increasing use of mobile banking – with more than six times as many mobile transactions in the sector as in Q1 2015 – has also provided opportunities to trick some systems via device spoofing.
Lloyds Banking Group faced these same challenges. It wanted to prioritise frictionless access to online accounts and services with a robust and real-time fraud prevention solution. As a new study from ThreatMetrix and First Annapolis reveals, the friction created by “step-up practices” such as 2FA can force frustrated customers to leave their bank, or else change their behaviour in a way that incurs extra costs for the lender. We calculated that US banks could lose an additional $10 billion per year in relationship value from customer attrition due to this friction.
Harnessing global intelligence
Estimating its fraud losses could hit $60 million per year by 2018 if it didn’t do something, Lloyds began searching for a solution which could spot the anomalies in connecting devices, locations and customer behaviour. The ThreatMetrix solution is underpinned by the Digital Identity Network, which harnesses global shared and anonymised intelligence from millions of daily consumer interactions including logins, payments and new account applications. With this, it creates a unique digital identity for each user by combining device profiling, threat intelligence, identity data and behavioural analytics.
Lloyds could therefore check every digital banking login attempt against these unique digital identities – checking that device, location and behaviour of the customer matched the anonymised information held by The Network. Potentially fraudulent remote access attempts were detected by taking information from the customer’s device, the transaction and the transaction context and correlating with historical transaction records and patterns of trusted customer behaviour to spot anomalies.
With ThreatMetrix, Lloyds was able to:
- Protect digital banking customers from fraudulent account takeover
- Accurately detect behaviour indicating a remote access session
- Detect malware attacks by looking at anomalies relating to devices, locations and login sessions
- Secure banking logins with minimal requirement for physical security tokens (2FA), which are costly to roll out and can cause increased customer friction
Mindful of the potential costs and customer attrition associated with adding extra steps into the authentication process, Lloyds has made use of the following features for long-term success:
- The ThreatMetrix policy engine which is highly customisable, allowing Lloyds to fine-tune according to its own business strategy
- ThreatMetrix Trust Tags which can be associated dynamically with any combination of attributes (device, card number etc.) to differentiate between fraudsters and returning customers
- ThreatMetrix SmartID which identifies returning users that wipe cookies, use private browsing and change other parameters to bypass device fingerprinting – improving returning user detection and reducing false positives
- ThreatMetrix deep connection analysis technologies which accurately detect cloaking services like VPNs and TOR to see the true IP address, geo-location and other attributes
As financial institutions such as Lloyds are following the path of digital transformation, they are looking for the latest innovations on the market to correctly balance their security requirements whilst offering customers excellent digital banking experiences.