With mobile phones serving as full computing platforms as well as popular tools for banking, transactions and payments, they are natural targets for fraudsters seeking sensitive user data. Using tools such as malware, phishing apps and SIM swapping, attackers are mounting increasingly sophisticated attacks against large enterprises, banks and governments by targeting employees' mobile devices. No industry is safe, as attackers keep finding vulnerabilities that let them break into different systems and devices. Classic protection tools such as two-factor or multifactor authentication are no longer effective in deflecting new attack methods.
This is where continuous authentication plays a crucial role. To quote Avivah Litan, fraud expert and analyst for the Gartner consultancy: “You have to assume the criminals can get through one layer, they can get through two, they can even get through three. But if you have multiple layers up to five and you're continuously authenticating that user and continuously looking at their activities against their profile, you should be in pretty good shape.”
Continuous Authentication Thwarts Mobile Banking Fraud
Using sophisticated penetration tools, cyber attackers can sometimes gain access to a user’s account after obtaining his or her genuine credentials through clever phishing scams or by simply stealing the phone. With the increase in RATs (remote access trojans), account takeovers, business email compromise (BEC), and other methods used by hackers after gaining entry, one-time authentication, 2FA and sometimes even MFA are not enough to protect mobile devices against attacks.
The cost of breaches is very high: Forrester notes that account takeovers alone cause between $6.5 billion and $7 billion in annual losses across financial services, insurance, healthcare and other industries. The FBI IC3 report indicated a 53% increase in BEC/EAC attacks from 2015 to 2016, with a 46% increase in the monetary losses associated with these incidents.
Thus, it has become crucial to verify that users are who they say they are throughout the length of the session in order to effectively fight mobile banking fraud. Previously, users were asked to authenticate themselves at various intervals during use, which hindered and complicated the user experience. Today, invisible but continuous authentication is being applied to dynamically verify who is using an app every step of the way.
The most effective form of continuous authentication is based on dynamic biometrics, which gauges the way an individual interacts with the device. This pattern of interaction is completely unique to the user, and it cannot be replicated (as opposed to physical biometrics - like fingerprints or facial recognition - which can be copied and replayed).
Behavioral Biometrics - Is it Really You?
Behavioral biometrics provides foolproof continuous authentication by evaluating behavioral traits of a user interacting with a mobile device. Powered by machine learning capabilities, behavioral biometrics dynamically monitors and improves the accuracy of its continuous authentication capabilities. As most smartphones are already equipped with the sensors required to conduct this kind of analysis, implementation is easy and fast. With a precise user profile in place, any attempt on the part of a fraudster to take over the session will be immediately detected and neutralized.
The technology also enables risk-based authentication by generating risk scores for various customers. This is especially useful when authenticating multiple users on a shared account. It also secures a range of higher-risk transactions, including higher dollar limits, same-day payments or P2P transactions.
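The risk scoring described above, as an added example that is not from the original article or any vendor's product: a per-user profile is learned from enrollment interactions, each new interaction updates a smoothed session risk, and riskier actions require a lower score. The feature set, sample values, smoothing factor and per-action thresholds are all assumptions made for illustration.

```python
import math
from statistics import mean, stdev

# Constructed enrollment samples for one user (hypothetical features):
# (key dwell ms, key flight ms, swipe speed px/ms, touch pressure 0..1)
ENROLLMENT = [
    (95, 140, 1.20, 0.42), (102, 150, 1.10, 0.45), (98, 135, 1.25, 0.40),
    (105, 145, 1.15, 0.44), (100, 142, 1.18, 0.43), (97, 138, 1.22, 0.41),
]

def build_profile(samples):
    """Per-feature (mean, std) learned from enrollment interactions."""
    return [(mean(col), stdev(col)) for col in zip(*samples)]

def event_risk(profile, event):
    """Map the mean absolute z-score of one interaction to a 0..1 risk."""
    z = mean(abs(x - m) / s for x, (m, s) in zip(event, profile))
    return 1.0 - math.exp(-z / 3.0)  # z = 0 gives 0.0, large z approaches 1.0

class Session:
    """Tracks a smoothed risk score for the whole session, not just login."""
    def __init__(self, profile, alpha=0.5):
        self.profile, self.alpha, self.risk = profile, alpha, 0.0

    def observe(self, event):
        r = event_risk(self.profile, event)
        self.risk = self.alpha * r + (1 - self.alpha) * self.risk
        return self.risk

    def decide(self, action):
        # Assumed policy: higher-risk actions tolerate less session risk.
        limit = {"view_balance": 0.60, "p2p_transfer": 0.35}[action]
        return "allow" if self.risk <= limit else "step_up"

def demo():
    """Owner starts the session, then someone else takes over the device."""
    s = Session(build_profile(ENROLLMENT))
    for ev in [(99, 141, 1.19, 0.43), (101, 139, 1.17, 0.42)]:    # owner-like
        s.observe(ev)
    before = s.decide("p2p_transfer")
    for ev in [(160, 260, 0.60, 0.70), (155, 250, 0.65, 0.72)]:   # different hands
        s.observe(ev)
    return before, s.decide("p2p_transfer"), s.risk

if __name__ == "__main__":
    print(demo())
```

A production system would use far richer features and a trained model; the point here is only the shape of the loop: profile, per-event score, session-level decision.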
Accurate Authentication without the Hassle
The heat is on: PSD2 and open banking are here! Amongst other things, PSD2 and open banking give FinTech more opportunity to enter a market that was traditionally reserved for banks only. Banks must now be able to offer innovative and secure platforms with advanced functionality to keep up with FinTech. Conversely, FinTech companies need to offer enough added value that customers will use their offering instead of the banks’. While security is a major consideration, it cannot come at the expense of a smooth user experience. Entering numerous passwords, usernames and answers to security questions is a hassle that must be avoided. Needless to say, both traditional banks and innovative FinTech companies must work hard on offering solutions that are innovative, safe and improve user experience all at the same time.
Behavioral biometrics increases security without negative impact on the user experience, since the authentication process demands no active participation from the user. In effect, the individual’s inherent body traits provide a highly accurate means of identity authentication throughout the session without any conscious personal involvement.
Fraudsters have taken cyber attacks to the next level of warfare and you can’t afford to be left holding rusty, ineffective weapons to fight them. Continuous authentication is no longer an option; it is a requirement. To effectively stymie the onslaught of fraud, it is essential to continuously verify that users are who they say they are throughout the length of the session.