Detecting and preventing fraud is an ongoing problem for banks. While there are solutions today, they often increase security at the cost of the customer experience. This post explores a possible solution to this trade-off.
In our last post, "The Dark Side of Fraud Prevention", we discussed how modern fraud prevention techniques have failed to strike a balance between security and usability. While fraud prevention keeps users and banks secure, the effort that goes into detecting fraud is frustrating users and costing banks money. With modern solutions, this becomes a trade-off: the more fraud detection and prevention added to banking platforms, the poorer the UX. With digital and mobile banking becoming more ubiquitous, banks need a solution that allows for both.
What Do Modern Solutions Struggle With?
Modern solutions face two problems in particular: high false positive rates and high transaction abandonment rates.
High False Positive Rates
Over 95% of alerts generated by automated solutions today turn out to be false positives, and only 2% are reported as genuine suspicious activity. Not only does this cost banks £2.7 billion per year on false leads, but in some cases it prevents customers from making legitimate transactions. With new developments in anti-money laundering (AML) technology, this rate is expected to decrease by over 50%.
High Transaction Abandonment Rates
Users want banking to be as straightforward as possible, and any obstacles could cause them to abandon transactions. Over 81% of online financial transactions were abandoned in Q4 2017. For many users, a key factor is the complexity and length of the authentication process; the average user has 150 online accounts, which means 150 e-mail addresses, passwords, and login processes to remember. While features such as tokens, two-factor and multi-factor authentication, and SMS-based codes offer greater security, they also introduce friction. 43% of Millennials abandoned mobile banking activities because the process was too long or complex, and 83% openly value convenience over security. To reduce the number of abandoned transactions, banks need to provide more convenient authentication methods for their users.
How Does Continuous Authentication with Behavioral Biometrics Help?
Behavioral biometrics is already being used by banks to both reduce the rate of false positives and provide a smoother experience for users.
Reducing the False Positive Rate
A lot of the authentication data points used today rely on information that is non-unique, volatile, or even forgeable. Geolocation and fingerprint scans are two examples that sound good on paper, but aren't always consistent. Even device fingerprinting—which builds a profile of the user's device based on its hardware and capabilities—is very limited due to the appliance-like nature of mobile devices, and can even be fooled by emulators.
Because behavioral biometrics combines device features with user attributes, it creates a much more extensive profile. This lets it succeed in scenarios where even advanced data points fail. For instance, device fingerprints are vulnerable to emulation, but behavioral biometrics can easily differentiate between real devices and emulators posing as real devices. Behavioral biometrics takes into account hundreds of factors such as the user's typing speed, finger pressure, and how the device is held. The authentication process works behind the scenes and continues as long as the app is in use, verifying users without their direct input.
All of this contributes towards unique per-user profiles which are both easy to validate and difficult to forge, benefiting both the user and the bank. Users no longer need to manually authenticate themselves, and banks no longer need to spend a significant amount of time, money, and resources on manual checks.
Reducing Transaction Abandonment
Balancing usability and security is more important now than ever before, but users are growing frustrated with current authentication methods. Whenever a user needs to stop what they're doing to verify their identity, they become less motivated to complete the original process, resulting in friction. Passwords, tokens, and one-time codes are methods used today to increase security, but these create friction for the user. Even static biometrics such as fingerprints and facial scans present a roadblock to the user, while still being vulnerable to theft.
Continuous authentication with behavioral biometrics greatly reduces the amount of friction even in high-risk transactions. With continuous authentication, users are verified over the course of their banking session. Each successful verification contributes to a trust score, which authenticates the user for high-risk transactions such as large withdrawals or money transfers. Only users with a low trust score are asked to authenticate themselves, resulting in a strong balance between security and usability.
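One way the trust-score gating described above could work, as an added example that is not from the original post or any vendor's product: background behavioral checks raise a session trust score, idle time decays it, and a high-risk action is allowed only when the score clears that action's threshold; otherwise the user is asked to authenticate explicitly. The thresholds, half-life, weighting, and the `Session` and `replay` names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed policy values for illustration; the post gives no numbers.
REQUIRED_TRUST = {"transfer": 0.5, "large_withdrawal": 0.7}
MISMATCH_FLOOR = 0.2   # a match score below this resets trust

@dataclass
class Session:
    trust: float = 0.0        # 0.0 = unverified, 1.0 = fully trusted
    last_seen: float = 0.0    # time of last update, in seconds
    half_life: float = 120.0  # idle time after which trust halves
    weight: float = 0.3       # influence of each new behavioral check

    def _decay(self, now: float) -> None:
        # Trust ages out when no fresh behavioral signal arrives.
        idle = max(0.0, now - self.last_seen)
        self.trust *= 0.5 ** (idle / self.half_life)
        self.last_seen = max(self.last_seen, now)

    def observe(self, now: float, match: float) -> float:
        """Fold in one background check; match in [0, 1] is the
        similarity between observed behavior and the stored profile."""
        if not 0.0 <= match <= 1.0:
            raise ValueError("match score must be within [0, 1]")
        self._decay(now)
        if match < MISMATCH_FLOOR:
            self.trust = 0.0  # strong mismatch: discard accumulated trust
        else:
            self.trust += self.weight * (match - self.trust)
        return self.trust

    def authorize(self, now: float, action: str) -> str:
        """Return 'allow' or 'step_up' (ask for explicit authentication)."""
        self._decay(now)
        needed = REQUIRED_TRUST.get(action)
        if needed is None or self.trust < needed:
            return "step_up"  # unknown actions fail closed
        return "allow"

def replay(checks, now, action):
    """Run constructed (time, match) checks, then decide on one action."""
    session = Session()
    for t, match in checks:
        session.observe(t, match)
    return session.authorize(now, action)
```

With these assumed values, a session needs about a minute of consistent behavior before a large withdrawal passes silently, and four idle minutes are enough to require explicit authentication again.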
In addition to reducing the number of abandoned transactions, behavioral biometrics makes it easier for banks to add high-risk services to mobile channels. Since behavioral biometrics is more effective at identifying and verifying users compared to traditional means, services requiring strong authentication can leverage behavioral biometrics to reduce the risk of fraud.
All roads lead to here
Current fraud protection measures solve a lot of problems, yet they have introduced an added layer of unforeseen issues. By continuing to use these tools, banks will not only frustrate their customers but also lose money. With data proving the inevitable growth of mobile banking, these problems will just get worse. It is clear that an alternative solution needs to be found and that continuous authentication using behavioral biometrics can become the go-to choice.