The following article is a Guest Post by Noa Benari, Vice President Marketing, SecuredTouch.
Authenticating the user behind every action is the number one challenge in mobile banking today. Banks want a Fort Knox type of security while users demand a quick and easy way to access services. At the same time, the users also require assurances that their personal information is safe. With the proliferation of mobile devices, the dichotomy between security and the ease-of-use became a pressing issue that the banks can no longer ignore.
Fraud Follows Accelerated Mobile Banking Adoption
The data included in the Consumers and Mobile Financial Services report shows that the number of mobile phone owners with a bank account has doubled in the past five years. Most of the users are millennials who are soon to become the leading force on the market. Millennials have already become the force to be reckoned with. According to a 2015 survey by the US Federal Reserve Board, in 2015, 67 percent of millennials used mobile banking.
And although mobile payments are still a drop in the ocean when compared with payments over traditional channels, mobile banking is not something to be overlooked. While consumer payments in the US go around $4 trillion, mobile payments are set to exceed $220 billion this year. As financial institutions continue to expand their portfolios of mobile banking services, fraudsters are close to follow.
A survey by the RSA shows another troubling trend: 60 percent of all confirmed fraudulent transactions in 2016 originated from a mobile device. With an almost 1:1 ratio between mobile and web transactions, the fraud rates in mobile banking are sure to increase.
The real cost of fraud
The Nilson Report 2015 reveals highly troubling trends. According to the report, fraud losses incurred by banks and merchants on all cards issued worldwide reached $16.31 billion. When we estimate that the global card volume totaled $28.844 trillion, this means that for every $100 in volume, 5.65¢ was fraudulent. If this wasn’t bad enough, the report goes on to predict that by 2020, losses will grow above $35 billion annually. Another recent study by Javelin Research places the current domestic losses at around $16 billion and growing quickly to $24 billion by 2018.
As if the numbers weren’t bad news already, the above report does not calculate the indirect costs related to the problem of fraud. And don’t forget about the cost and frustration incurred by consumers who are often forced to spend endless hours dealing with fraud on their own accounts. While fraud costs banks billions of dollars every year, damage to a reputation can be impossible to recover from.
Security vs UX: the inevitable clash?
As banks embrace mobile banking and other non-traditional channels to create relationships with clients, it becomes evident that security and fraud prevention on mobile banking apps needs to switch gears. And quick. With initiatives such as PSD2 and Open Banking the competition from newly emerging players in the FinTech sector is going to push banks to find innovative solutions to the security vs. UX conundrum.
Increased security, in most cases, means compromises in user experience and increased friction for the user. For millennial users especially, convenience often trumps security considerations and financial institutions need to ensure their mobile banking apps are convenient to use, have great user experience, and are safe from fraudsters all at once.
The rapid adoption of digital banking channels, especially mobile, means that banks need to drastically rethink their approach to customer experience and mobile banking security.
But how to tackle the increasing need for better security measures for the users who want instant access with zero hassle?
Two birds, one stone: Behavioral Biometrics
So what comes after the era of passwords? 2FA and MFA? Static Biometrics such as fingerprints, voice, and iris scans have been a mainstay in mobile security for quite some time. Android and iOS users use fingerprint and face recognition technologies to unlock their mobile devices instantaneously. But static biometric data is actually quite easy to steal.
Jan Krissler, a well-known hacker, used high-resolution photos of Germany’s Minister of Defense, to bypass fingerprint authentication. In a similar stunt, Krissler managed to hack Apple’s TouchID technology only a day after its release by using a fingerprint left on the phone screen. But there is still a lot of potential for mobile devices that can be used to increase security without compromising the user experience. Dynamic biometrics combined with the data from sensors already installed on mobile devices takes the mobile authentication game to a whole new level. We are talking about behavioral biometrics.
Behavioral biometrics provide mobile banking apps with an invisible layer of security that continuously authenticates users by analyzing the unique ways they interact with their device via keystrokes, swipe patterns, scroll speed, etc. With the help of this data, behavioral biometrics parses through hundreds of parameters. Combined, these factors are impossible for fraudsters to mimic. Behavioral biometrics offer continuous, passive authentication, which can differentiate between the real users and fraud attempts while reducing friction past the initial authentication.
Authentication at login without real-time follow up, doesn’t cut it anymore. Behavioral biometrics enable mobile banking apps to provide their users with continuous authentication, an approach that is especially useful in detecting malicious bots, RATs, hijacked sessions and other automated attacks that are based on using stolen valid user credentials. With fraud attacks growing in both volume and sophistication, the need for a passive, frictionless continuous authentication technology is becoming evident.
“It is one of the up and coming techniques for defending against fraud,” claims John Sarreal, Experian’s Product Management Director.
The Era of Behavioral Biometrics is Here
Technavio’s market research predicts the global behavioral biometrics market to grow at an impressive CAGR of around 17 percent by 2020. A significant factor that drives market growth is the unique ability of behavioral biometrics to bridge the gap between security and user experience seamlessly and conveniently. Preventing chargebacks and reputational damage, while at the same time reducing friction, will be the driving force behind accelerating behavioral biometrics adoption in 2018.
With behavioral biometrics, banks once again have the upper hand, and major financial institutions across the globe turn to behavioral biometrics solutions to protect their mobile users while at the same time provide frictionless and highly secure mobile banking experience. And as a result, financial institutions can improve their mobile banking revenue and optimize their cross-selling processes while providing the users with a great user experience. As mobile banking adoption rates continue to grow, only those banks who ensure great UX and, at the same time, protect their users from fraud, will be able to get ahead of the competition.
November 13, 2017