*This blog originally appeared on FindBiometrics
The number one challenge today in mobile banking is authenticating the user behind every action. Customers demand a quick and easy way to access services while banks want a Fort Knox type of security. Additionally, users also require assurances that their personal information is safe. With the proliferation of mobile devices, the dichotomy between security and the ease-of-use is becoming a pressing issue that the banks can no longer ignore.
Fraud Follows Accelerated Mobile Banking Adoption
The Consumers and Mobile Financial Services report shows that the number of mobile phone owners with a bank account has doubled in the past five years. Unsurprisingly, most of the users are millennials who are soon to become the leading force on the market. According to a survey by the US Federal Reserve Board, in 2015, 67% of millennials used mobile banking.
And although mobile payments are still a drop in the ocean when compared with payments over traditional channels, mobile banking is not something to be overlooked. While consumer payments in the US go around $4 trillion, mobile payments are set to exceed $220 billion this year. As financial institutions continue to expand their portfolios of mobile banking services, fraudsters are close to follow.
A survey by RSA shows another troubling trend: 60% of all confirmed fraudulent transactions in 2016 originated from a mobile device. With an almost 1:1 ratio between mobile and web transactions, the fraud rates in mobile banking are sure to increase.
The Real Cost of Fraud
According to the The Nilson Report 2015 report, fraud losses incurred by banks and merchants on all cards issued worldwide reached $16.31 billion. When we estimate that the global card volume totaled $28.844 trillion, this means that for every $100 in volume, 5.65¢ was fraudulent. If this wasn’t bad enough, the report goes on to predict that by 2020, losses will grow above $35 billion annually. Another recent study by Javelin Research places the current domestic losses at around $16 billion and growing quickly to $24 billion by 2018.
The above report does not take into account the indirect costs related to the problem of fraud. And what about the cost and frustration incurred by consumers who are often forced to spend endless hours dealing with fraud on their own accounts? While fraud costs banks billions of dollars every year, damage to their reputation can be almost impossible to recover from.
Security vs. UX: The Inevitable Clash?
As banks embrace mobile banking and other non-traditional channels to create relationships with clients, it becomes evident that security and fraud prevention on mobile banking apps needs to switch gears. And quick. With initiatives such as PSD2 and Open Banking the competition from newly emerging players in the FinTech sector is going to push banks to find innovative solutions to the security vs. UX conundrum.
Increased security, in most cases, means compromised user experience and increased friction for the user. For millennial users especially, convenience often trumps security considerations and financial institutions need to ensure their mobile banking apps are convenient to use, have great user experience, and are safe from fraudsters all at once.
The rapid adoption of mobile banking means that banks need to drastically rethink their approach to customer experience and mobile banking security.
But how to tackle the increasing need for better security measures for the users who want instant access with zero hassle?
Two Birds, One Stone: Behavioral Biometrics
So what comes after the era of passwords, 2FA and MFA? Static Biometrics such as fingerprints, voice, and iris scans have been a mainstay in mobile security for quite some time. Android and iOS users use fingerprint and face recognition technologies to unlock their mobile devices instantaneously. But static biometric data is actually quite easy to steal.
Jan Krissler, a well-known hacker, used high-resolution photos of Germany’s Minister of Defense, to bypass fingerprint authentication. In a similar stunt, Krissler managed to hack Apple’s TouchID technology only a day after its release by using a fingerprint left on the phone screen. But there is still a lot of potential for mobile devices that can be used to increase security without compromising the user experience. Dynamic biometrics combined with the data from sensors already installed on mobile devices takes the mobile authentication game to a whole new level. We are talking about Behavioral Biometrics.
Behavioral biometrics provide mobile banking apps with an invisible layer of security that continuously authenticates users by analyzing the unique ways they interact with their device via keystrokes, swipe patterns, scroll speed, etc. With the help of this data, behavioral biometrics parses through hundreds of parameters. Combined, these factors are impossible for fraudsters to mimic. Behavioral Biometrics offer continuous, passive authentication, which can differentiate between the real users and fraud attempts while reducing friction past the initial authentication.
Without real-time follow up, authentication at the login is not good enough. Behavioral biometrics enable mobile banking apps to provide users with continuous authentication, an approach that is especially useful in detecting malicious bots, RATs, hijacked sessions and other automated attacks that are based on using stolen valid user credentials. With fraud attacks growing in both volume and sophistication, the need for a passive, frictionless continuous authentication technology is becoming evident.
“It is one of the up and coming techniques for defending against fraud,” claims John Sarreal, Experian´s Product Management Director.
The Era of Behavioral Biometrics is Here
The global Behavioral Biometrics market is expected to grow at an impressive CAGR of around 17% by 2020. The unique ability of Behavioral Biometrics to bridge the gap between security and user experience seamlessly and conveniently is a significant factor that is driving this market growth.
With behavioral biometrics, banks once again have the upper hand, and major financial institutions across the globe turn to behavioral biometrics solutions to protect their mobile users while at the same time provide frictionless and highly secure mobile banking experience. And as a result, financial institutions can improve their mobile banking revenue and optimize their cross-selling processes while providing the users with a great user experience. As mobile banking adoption rates continue to grow, only those banks who ensure great UX and, at the same time, protect their users from fraud, will be able to get ahead of the competition.