Whether banks are acquiring new technologies or building their own solutions, increased adoption of mobile banking apps means increased vulnerability to fraud and cyber attacks.
Gaining back customer trust after a breach or a hack is challenging and contributes to both short- and long-term losses that need to be carefully considered. Addressing the vulnerabilities in mobile banking applications is not an issue that can be dealt with post-factum; once the breach happens, it might prove impossible to regain consumer trust and rebuild the reputation.
Mobile Banking Fraud Is Costly
A recent IBM Security and Ponemon study found that each stolen client record results in an average $141 loss, with the average total cost for a malicious data breach amounting to $3.62 million in 2016. However, these are just the direct costs of a data breach. If hackers get their hands on PII records, a wave of fraud will follow, and the costs of the subsequent fraudulent activity can be much harder to estimate.
According to the 2015 AFP Payments Fraud and Control Survey, 65% of financial professionals indicated their organizations were victims of payments fraud in 2014. The study also notes that it is “up to 7 times more difficult to prevent fraud in remote channels than in person.”
Fraudsters implement new fraud schemes by blending old tactics (such as the use of compromised user credentials) with new technologies, targeting vulnerabilities in mobile phone systems. Account takeover using valid user credentials is a real threat to retailers and financial institutions, especially now that many users are storing PII on their devices and in the cloud. According to the Verizon 2016 Data Breach Investigations Report, 63% of data breaches result from weak or stolen passwords. As banks expand their mobile banking offerings, fraudsters certainly will be close behind. That is why changing the mindset from 2FA and MFA to continuous risk-based authentication is so important to address these evolving threats.
Fraud prevention in mobile banking apps is of paramount importance in maintaining the trust and safety of users. The cost of gaining back consumer trust is difficult to estimate, but it certainly won’t come cheap. In July, UniCredit announced that it was the victim of a security breach, and while the security team was ultimately able to secure this breach, the bank has pledged to spend nearly $2.6 billion on repairing and upgrading its IT infrastructure.
The most popular fraud methods that affect mobile banking include mobile malware and phishing, malicious apps that give third parties access to personal information or the ability to alter phone functionality. Users can also be targeted for phishing attacks via text messaging.
Fraudsters can steal sensitive PII, including login credentials, device IDs, and transaction data, from mobile devices. Fraud prevention can no longer be an afterthought when it comes to mobile banking applications.
How does Behavioral Biometrics fit in?
According to a Fiserv study of mobile banking ROI, each active mobile user adds $200 in additional annual revenue. That value is sure to increase as customers use their smartphones for even more transactions.
Behavioral biometrics is a continuous authentication method that offers security throughout the session, not just at log-in. This makes it possible to identify fraudsters who would otherwise stay undetected, such as those who have access to valid log-in credentials or those who rely on scripted attacks.
The problem with standard security protocols is that with each new layer of authentication, ensuring a smooth customer experience becomes more challenging. Employing a security system that not only enhances security, but also simplifies user experience, helps to grow your customer base, having a direct effect on the bottom line.
Customer Is King
As we know, customer is king, and having an authentication solution that continuously runs in the background without compromising customer experience is invaluable. The clearer and smoother any action is, the more likely users will complete their intended tasks.
According to the MEF Mobile Money Report, the mobile transaction abandonment rate before checkout is extremely high and reaches up to 58%. These results are confirmed by research conducted by eWEEK, which showed similar numbers - an overall 56% mobile transaction abandonment rate. The main reasons cited by both sources are that mobile shoppers’ security concerns are not being properly addressed, that they feel they need to divulge too much sensitive information, that the checkout process is too complicated, and that loading times are slow. All these concerns can be properly addressed with Behavioral Biometrics.
After implementing SecuredTouch behavioral biometrics on their digital wallet application, LeumiCard’s EVP of Business Development & Strategy, Ohad Maimon, said, “We experienced a reduction in transaction abandonment by not requiring multiple layers of authentication, providing a frictionless user experience.”
By setting appropriate levels of authentication required for the specific transaction, risk-based authentication allows users to do more than ever before from their mobile banking application. For example, if a user profile only has an 85% score, then he might be limited in the amount of money he can transfer during that session. Yet, if he were to score above 90%, he might be able to make unlimited transfers to any other account in the same country. This added, richer functionality gives users more power and adds to a bank’s profitability. It’s win-win.
By including a wider range of data points, behavioral biometrics reduces the number of false positives, which often occur when the mobile app user is travelling abroad. Not only does this lower the volume of false alerts that your fraud team will have to deal with, it also frees them up to focus on other projects rather than constantly putting out fires, drastically reducing the need for manual reviews.
Mobile banking is a competitive industry, and maintaining a reputation as a trusted industry leader requires a high level of consumer trust. As a result, any breach can have irreversible consequences with a devastating effect on the bottom line. Governments and regulatory agencies have been requiring ever more stringent security standards over recent years. Implementing those rules requires long-term planning and development. Even typical multi-factor authentication using combinations like a password, an SMS code and a fingerprint ID is no longer enough.
Behavioral biometrics is a cutting-edge technology that can help banks stay ahead of the game and has recently been accepted as an approved method of authentication by the EU’s PSD2. By design, behavioral biometrics also does not compromise PII, so even in the case of a breach, sensitive customer data will not be jeopardized.
When calculating an ROI of any technological product, it is important to carefully weigh the costs and benefits of each solution. In this case:
Reduce Fraud: Behavioral biometrics drastically reduces fraud by utilizing hundreds of parameters for each individual user that are impossible for fraudsters to mimic.
Security Throughout the Session: Continuous authentication ensures that a legitimate session cannot be hijacked by a hacker.
Improve UX: Reduced friction and a smooth customer experience result in higher transaction completion rates.
Provide More Services: Risk-based authentication allows users to do more on mobile devices.
Fewer Manual Reviews: False positives are drastically reduced, and your team can concentrate on real issues instead of wasting time on chasing shadows.
Fewer False Positives: Reduced false positives remove user frustration when legitimate transactions are declined.
Behavioral biometrics is a superior solution when a high level of security is required without compromising the customer experience. With the recent high-profile breaches making the headlines and new regulations and compliance requirements putting pressure on mobile banking and requiring stronger authentication, there is no doubt that Behavioral Biometrics is going to become an industry standard soon.