Securing the Future of Mobile Banking
Posted March 22, 2018
Mobile has become the leading way for financial institutions of all shapes and sizes to acquire new customers, with more than 57 percent of new customer accounts coming from this channel.
Today’s customers are drawn to the immediacy of the mobile experience, so banks and financial institutions must be able to provide instant decisioning on loans, payments and other transactions.
But making those decisions instantly, and securely, has become more difficult than ever in the wake of corporate data breaches that have exposed personally identifiable information to cybercriminals everywhere.
Danger on the Horizon
According to the latest Cybercrime Report from ThreatMetrix, the financial services industry saw 130 million attacks using stolen or fake credentials in 2017. The attack rate on payments in the financial services industry has grown 452 percent compared to 2015. And mobile account creation attacks have increased 382 percent compared to Q4 2015.
So, it is more critical than ever that businesses secure their mobile apps, as well as ensure the safety of the entire mobile experience – or risk alienating a large customer base.
However, this must happen in a way that is totally invisible to the consumer, as even 10 seconds of friction can lead to frustrated customers. In a study by Jumio and Javelin Strategy & Research, an authentication process that takes too long was most frequently cited as the biggest cause of consternation among mobile banking customers.
Quickly and efficiently securing mobile transactions requires a deep understanding of the customer across the entire lifecycle – something that can’t be done with static login credentials and passwords. Like all digital businesses, financial incumbents and fintechs can only achieve this by understanding a user’s unique digital DNA.
Deep, Penetrating Risk Assessments with Zero User Interference
The good news is that the mobile platform offers abundant opportunities for multilayered analysis, which allows for highly accurate fraud prevention and authentication that is completely invisible to the user.
The key is to embrace deep profiling based on the transaction at hand, the device it is being performed on and the location of the transaction – all while cross-matching this back with historical behavior for that user.
This analysis includes:
Recognizing Returning Customers Instantly: Directing your customers to a dedicated mobile app significantly helps organizations recognize true returning customers. By bolstering apps with lightweight mobile SDKs that offer multilayered analysis to authenticate customers, businesses can achieve a very high recognition rate of returning customers. For example, Lloyds Banking Group was able to recognize 92 percent of trusted users on its mobile channel.
Persistent Device Identification: Mobile devices offer a wealth of invaluable information to assess whether a legitimate device is associated with a particular user. They can also be used to establish persistent, strong device authentication, using information based on the SIM card in the phone (and whether the mobile carrier associates the same SIM card with that user), and also by employing cryptographic keys on the device, which allow for instant re-authentication for returning devices.
Geo-Location: Location information based on GPS hardware allows organizations to assess how the true location of the transacting device compares with previous transaction locations and also the physical locations (billing and shipping, for example) associated with that individual. This is crucial for identifying suspicious behavior, such as location spoofing and proxies.
Biometrics: Users are increasingly comfortable with using such things as fingerprint or facial recognition for authentication, which can provide low-friction authentication across many applications and customer touchpoints. For example, banks might not require biometric authentication when checking a balance, but a payment over a specific dollar amount (set by the bank) might require a fingerprint scan. And the transfer of funds could require fingerprint and facial recognition scans.
Holistic Behavioral Analytics: A unique digital identity is made up of different behaviors across an individual’s personal and corporate life, and across the different services, websites and apps used. Tapping into shared data across platforms will give the full context needed to make real-time, accurate identity and trust decisions – in a manner that is completely invisible to the user.
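The layers above can be combined into a single step-up decision. The following is an added example, not code from ThreatMetrix or the original post: it re-authenticates a returning device with a key-based challenge, checks whether the new GPS fix is physically plausible against the previous one, and applies the biometric tiers described under Biometrics. All function names, the thresholds, and the escalation rule are assumptions, and an HMAC over a per-device secret stands in for a hardware-backed device key.

```python
import hashlib
import hmac
import math

# Assumed thresholds for illustration; the article gives no concrete values.
PAYMENT_LIMIT = 500.00   # the "specific dollar amount (set by the bank)"
MAX_SPEED_KMH = 900.0    # faster travel between two fixes is treated as implausible

def device_response(device_key: bytes, nonce: bytes) -> bytes:
    """Device side: prove possession of the enrolled key for a server nonce."""
    return hmac.new(device_key, nonce, hashlib.sha256).digest()

def device_recognized(device_key: bytes, nonce: bytes, response: bytes) -> bool:
    """Server side: constant-time check of the returning device's response."""
    return hmac.compare_digest(device_response(device_key, nonce), response)

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def travel_plausible(prev_fix, cur_fix, hours_elapsed: float) -> bool:
    """Compare the current location with the previous transaction location."""
    dist = haversine_km(prev_fix, cur_fix)
    if hours_elapsed <= 0:
        return dist < 1.0          # same instant: must be effectively the same place
    return dist / hours_elapsed <= MAX_SPEED_KMH

def required_factors(action: str, amount: float, recognized: bool, plausible: bool) -> set:
    """Return the biometric factors to request; an empty set means no user friction."""
    factors = set()
    if action == "payment" and amount > PAYMENT_LIMIT:
        factors.add("fingerprint")
    elif action == "transfer":
        factors.update({"fingerprint", "face"})
    # Assumed escalation rule: a failed invisible check adds visible factors.
    if not recognized or not plausible:
        factors.add("fingerprint")
        if action != "balance":
            factors.add("face")
    return factors
```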
Getting to Know You
With visibility into a user’s true identity, businesses can trust that the individual on the other end of a mobile transaction is in fact who they claim to be. As a result, more legitimate users flow straight through the mobile banking processes with little to no interruptions while fraudsters get stopped in their tracks and forced to turn their focus elsewhere.
Bolstered by this confidence, financial institutions can feel free to expand their mobile offerings and increase their reach into new geographies, as cross-border transactions – traditionally ripe for fraud – pose less of a risk than before.
Can’t Slow Down
The mobile banking revolution shows no signs of slowing down, with an estimated 1.2 billion mobile banking users around the world at the end of 2017. So it behooves established players and upstarts alike to make mobile banking the safe, secure and efficient experience that customers demand.
For those that don’t? Well, their participation in the mobile banking revolution might be over before it even starts.
To learn more about how to secure mobile transactions, check out our eBook “ThreatMetrix for Financial Services.”