Updated as of February 10th 2019
Since 2017, the number of mobile phone users with bank accounts has more than doubled. More than half of U.S. adults with bank accounts used their smartphones for mobile banking in 2018, and unsurprisingly, millennials are the main group leading this shift. But the monumental rise in mobile payments is making it an increasingly valuable target to fraudsters. And as mobile banking grows, so does the number and sophistication of fraudsters looking to exploit it.
The industry is already seeing the effects of this change. A survey by RSA shows a troubling trend: the number of fraudulent transactions originating from mobile apps grew 600% since 2015. Michael Lynch, Chief Strategy Officer of InAuth, summarizes: "with the exponential increase in customers using their mobile device for more transactions than ever before, ...it’s not surprising that fraudsters continue to seek ways to exploit the mobile channel, making it imperative to protect against malware and crimeware attacks."
The Real Cost of Fraud
A study by LexisNexis found that U.S. financial services companies spend $2.67 for every dollar of fraud. These costs increase to $3.04 for companies that rely on online and mobile channels for most of their revenue. With global fraud costs reaching £3.2 trillion (4.08 trillion USD), this is a huge amount of risk for financial services companies.
These estimates don't take into account the indirect costs of fraud, such as the damage to the companies' reputations. And what about the cost and frustration incurred by consumers who are often forced to spend countless hours dealing with fraud on their accounts? Fraud may cost banks billions of dollars each year, but damage to their customer goodwill can be almost impossible to recover from.
Security vs. UX: the Inevitable Clash?
As banks embrace mobile banking and other non-traditional channels to create relationships with clients, it becomes evident that security and fraud prevention on mobile banking apps needs to switch gears. And fast. With initiatives such as PSD2 and Open Banking, the competition from newly emerging players in the FinTech sector is going to push banks to find innovative solutions to the security vs. UX conundrum.
Increased security, in most cases, means compromised user experience and increased friction for the user. For millennial users especially, convenience often trumps security considerations, and financial institutions need to ensure their mobile banking apps combine convenience, a great user experience, and security in the face of fraudsters..
The rapid adoption of mobile banking means that banks need to drastically rethink their approach to customer experience and mobile banking security.
But how will banks tackle the increasing need for better security measures for the users who want instant access with zero hassle?
Two Birds, One Stone: Behavioral Biometrics
So what comes after the era of passwords, 2FA and MFA? Static Biometrics such as fingerprints, voice, and iris scans have been a mainstay in mobile security for quite some time. Android and iOS users use fingerprint and face recognition technologies to unlock their mobile devices instantaneously. But static biometric data is actually quite easy to steal.
Jan Krissler, a well-known hacker, used high-resolution photos of Germany’s Minister of Defense, to bypass fingerprint authentication. In a similar stunt, Krissler managed to hack Apple’s Touch ID technology only a day after its release by using a fingerprint left on the phone screen. But there is still a lot of potential for mobile devices that can be used to increase security without compromising the user experience. Dynamic biometrics combined with the data from sensors already installed on mobile devices takes the mobile authentication game to a whole new level. We are talking about Behavioral Biometrics.
Behavioral Biometrics provide mobile banking apps with an invisible layer of security that continuously authenticates users by analyzing the unique ways they interact with their device via keystrokes, swipe patterns, scroll speed, etc. With the help of this data, behavioral biometrics parses through hundreds of parameters, which combined, are impossible for fraudsters to mimic. Behavioral Biometrics offer continuous, passive authentication, which can differentiate between real users and fraud attempts while reducing friction past the initial authentication.
Without real-time follow up, authentication at the login is not good enough. Behavioral Biometrics technology enables mobile banking apps to provide users with continuous authentication, an approach that is especially useful in detecting malicious bots, RATs, hijacked sessions and other automated attacks that are based on using stolen valid user credentials. With fraud attacks growing in both volume and sophistication, the need for a passive, frictionless continuous authentication technology is becoming evident.
“It is one of the up and coming techniques for defending against fraud,” claims John Sarreal, Experian´s Product Management Director.
The Era of Behavioral Biometrics is Here
The unique ability of Behavioral Biometrics to bridge the gap between security and user experience seamlessly and conveniently, is a significant factor that will continue to drive the global Behavioral Biometrics market growth.
With Behavioral Biometrics, banks once again have the upper hand, which is why major financial institutions across the globe turn to Behavioral Biometrics based solutions, to protect their mobile users, while providing a frictionless and highly secure mobile banking experience. As a result, financial institutions can improve their mobile banking revenue and optimize their cross-selling processes, while providing users with a great user experience. As mobile banking adoption rates continue to grow, only those banks who ensure great UX and, at the same time, protect their users from fraud, will be able to get ahead of the competition.