Swiping away bank fraud

By Namrata Jolly

Authentication and verification of consumers require flexibility, convenience, and security. But the onus has always been on the customer to prove their identity.

Last month, Infocomm Media Development Authority (IMDA), Monetary Authority of Singapore (MAS) and Singapore Police Force (SPF), announced that they had uncovered a S$500,000 (approximately US$368,000) fraud involving 75 bank customers in Singapore. 

This extremely sophisticated scam involved the compromise of overseas network operators and the diversion of SMS one-time passwords—all this without the customers knowing they were the victims. 

Phone fraud is a global problem costing banks millions of dollars every year in fraud. Yet the one-time password (OTP) is often used for verification because this centres on a commodity desired by both the bank and customer i.e., convenience. 

Authentication and verification of consumers require flexibility, convenience, and security. Adding too many security layers means consumers get frustrated by the steps they need to take before accessing their account, even if this is to prevent fraud. But the onus has always been on the customer to prove their identity. 

How did we get here?
It was all so simple before. 

Twenty years ago, banking customers visited their local branch in the high street, were recognised by the staff and given access to their account. This tried, tested, and low-risk authentication and verification process was commonplace but once the internet arrived, digital service providers have struggled to find a solution to proving the unseen customer’s identity.

Although digital transformation has helped increase productivity, efficiency, competitiveness, and reduce overheads, security has barely kept up. Over the years financial institutions have shifted their attention and money onto securing smartphone transactions with a reliance on OTPs; a technology with origins going back to 1919. 

The flaw here is OTPs are sent to a registered number on the assumption the device belongs to and is controlled by the customer. This assumption is OTP’s Achilles Heel and exploited mercilessly by hackers and is why phone fraud is rampant.

Path to rebuilding digital trust
The validation of digital identities is the key that unlocks trust in online services, from social media to mobile banking. For this to succeed, a fundamental change in how identities are established and verified to enable safe, secure, and protected online interactions needs to take place. 

There are technologies today that positively allow the identification of a genuine customer online without the need for an OTP and help to rebuild digital trust between the bank and customer.

As banks integrate their digital offerings to bring seamless experiences to users, customers must feel their digital identities and information are protected, otherwise, these newly minted digital services will never be a source of sustainable growth. 

Swipe, type, authenticate
The answer lies in technology dating back to the birth of the telegraph when messages were sent by morse code. Operators were able to be distinguished by the way in which they tapped out dots and dashes that also helped determine the validity of messages. 

This early form of behavioural biometrics was the forerunner to today’s vastly more advanced and accurate authentication method. 

The core technology is machine learning which is used to learn the behavioural biometrics of an individual including how they hold their phone, how they type or swipe their touchpad or computer keyboard. This is then layered with multiple layers of contextual data points such as device intelligence, threat detection, and cryptography.

All this information adds up to 99.999% identity accuracy and means fraud and other threats are prevented.

A simple swipe on the phone screen or how a password is typed is as unique as a fingerprint or retina effectively shutting out cybercriminals. Another upside is the ability for behavioural biometrics to stop or prevent through detection, numerous threats including password sharing, account takeovers, remote access trojans, identity fraud, and carelessness. 

The analysis of human gestures to verify a customer’s identity removes the need for one-time passwords, and importantly, builds digital trust. As digital transformation accelerates, consumer authentication and fraud detection will be made simpler, faster, and more secure with behavioural biometrics.

xxxxx

Namrata Jolly is an accomplished senior leader, having run large teams in the Financial services industry with - extensive experience across Asset management, Trust banking, Consumer Banking & Insurance, in the areas of Digital engagement, Experience, Customer segmentation, Operations and Technology.

Namrata has led cross-functional and cross-border- country, regional & global teams implementing strategic & transformational initiatives delivering business impact. She has a deep understanding of the various functions such as digital engagement, experience, marketing, operations & technology and the levers required to ensure business value. In her time at Citibank she was responsible for running Digital Engagement and Experience across Asia and Europe. At Prudential she has been responsible for Customer Experience & Segment Strategy as well as execution across all touchpoints- both Digital and physical.

She is a strong collaborator with proven negotiation and influencing skills in interaction with C-suite stakeholders and was instrumental in implementing the first-ever collaboration program of Prudential globally, with the Fintech, Insuretech community – Prufintegrate.

She is a strong supporter of diversity and the Co-founder of the Diversity initiative at Citigroup Japan, she is also a co-lead of the ‘Women in Fintech’ subcommittee at the Singapore Fintech Association.

Join Asian Banking & Finance community
Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!

He rejoins Maybank from RHB, where he served as group managing director.
Muenkel was ING’s head of APAC for sustainable finance and GCM.
DBS will pay Citi in cash for the net assets plus a premium of S$956m.
The new Maybank2u SG (Lite) app offers e-angbao gifting and other money management features.
Capital will be used to develop cross-border services and push sustainability strategy.
Twenty banks are already live and have access to 24/7 real-time credit transfers.
All accounts under UCPB will be transferred under Landbank.
The public is urged to examine banknotes carefully after using a machine.
The second phase of the test will be carried out until 22 June.
OJK clarified that supervision of crypto is under Babbepti and the Ministry of Trade.
Strong anti-COVID measures allowed the market to reduce the pandemic’s impact.
The rate of their bad loans has hovered around 10% to 10.5%.
Darren Beatty has worked for the institutional banking teams of Westpac and CBA. 
Inconveniences in overseas travelling may reportedly turn away much-needed talent.