Swiping away bank fraud
By Namrata Jolly
Authentication and verification of consumers require flexibility, convenience, and security. But the onus has always been on the customer to prove their identity.
Last month, the Infocomm Media Development Authority (IMDA), the Monetary Authority of Singapore (MAS) and the Singapore Police Force (SPF) announced that they had uncovered a S$500,000 (approximately US$368,000) fraud involving 75 bank customers in Singapore.
This extremely sophisticated scam involved the compromise of overseas network operators and the diversion of SMS one-time passwords—all this without the customers knowing they were the victims.
Phone fraud is a global problem costing banks millions of dollars every year. Yet the one-time password (OTP) is often used for verification because it centres on a commodity desired by both the bank and the customer: convenience.
Authentication and verification of consumers require flexibility, convenience, and security. Adding too many security layers means consumers get frustrated by the steps they need to take before accessing their account, even if this is to prevent fraud. But the onus has always been on the customer to prove their identity.
How did we get here?
It was all so simple before.
Twenty years ago, banking customers visited their local branch in the high street, were recognised by the staff and given access to their account. This tried, tested, and low-risk authentication and verification process was commonplace, but since the internet arrived, digital service providers have struggled to find a way to prove the unseen customer’s identity.
Although digital transformation has helped increase productivity, efficiency, and competitiveness and reduce overheads, security has barely kept up. Over the years financial institutions have shifted their attention and money onto securing smartphone transactions with a reliance on OTPs, a technology with origins going back to 1919.
The flaw here is that OTPs are sent to a registered number on the assumption that the device belongs to and is controlled by the customer. This assumption is the OTP’s Achilles heel: it is exploited mercilessly by hackers and is why phone fraud is rampant.
Path to rebuilding digital trust
The validation of digital identities is the key that unlocks trust in online services, from social media to mobile banking. For this to succeed, there needs to be a fundamental change in how identities are established and verified, to enable safe, secure, and protected online interactions.
There are technologies today that allow the positive identification of a genuine customer online without the need for an OTP, and that help to rebuild digital trust between the bank and customer.
As banks integrate their digital offerings to bring seamless experiences to users, customers must feel their digital identities and information are protected; otherwise, these newly minted digital services will never be a source of sustainable growth.
Swipe, type, authenticate
The answer lies in technology dating back to the birth of the telegraph, when messages were sent by Morse code. Operators could be distinguished by the way in which they tapped out dots and dashes, which also helped determine the validity of messages.
This early form of behavioural biometrics was the forerunner to today’s vastly more advanced and accurate authentication method.
The core technology is machine learning, which is used to learn the behavioural biometrics of an individual, including how they hold their phone and how they type or swipe on their touchpad or computer keyboard. This is then combined with multiple layers of contextual data points such as device intelligence, threat detection, and cryptography.
All this information adds up to 99.999% identity accuracy and means fraud and other threats are prevented.
A simple swipe on the phone screen or how a password is typed is as unique as a fingerprint or retina, effectively shutting out cybercriminals. Another upside is the ability of behavioural biometrics to detect, and so stop or prevent, numerous threats including password sharing, account takeovers, remote access trojans, identity fraud, and carelessness.
The analysis of human gestures to verify a customer’s identity removes the need for one-time passwords, and importantly, builds digital trust. As digital transformation accelerates, consumer authentication and fraud detection will be made simpler, faster, and more secure with behavioural biometrics.
Namrata Jolly is an accomplished senior leader, having run large teams in the financial services industry, with extensive experience across Asset Management, Trust Banking, Consumer Banking & Insurance, in the areas of digital engagement, experience, customer segmentation, operations and technology.
Namrata has led cross-functional and cross-border country, regional & global teams implementing strategic & transformational initiatives delivering business impact. She has a deep understanding of the various functions such as digital engagement, experience, marketing, operations & technology and the levers required to ensure business value. In her time at Citibank she was responsible for running Digital Engagement and Experience across Asia and Europe. At Prudential she has been responsible for Customer Experience & Segment Strategy as well as execution across all touchpoints, both digital and physical.
She is a strong collaborator with proven negotiation and influencing skills in interaction with C-suite stakeholders and was instrumental in implementing the first-ever collaboration program of Prudential globally, with the Fintech, Insuretech community – Prufintegrate.
She is a strong supporter of diversity and the co-founder of the Diversity initiative at Citigroup Japan; she is also a co-lead of the ‘Women in Fintech’ subcommittee at the Singapore Fintech Association.