Strengthening Mobile Payments with Continuous Authentication

*A version of this blog originally appeared on The Paypers

Now that smartphones are everywhere, the reasons for not using new applications have more to do with users’ security concerns rather than the lack of technology. According to the US Federal Reserve’s most recent Consumers and Mobile Financial Services report, more than two-thirds of those surveyed do not use banking or payment apps due to security concerns. However, many of these same users continue to use their desktop browsers to check their balance and pay their bills. So how can mobile banking catch up and encourage wider adoption?

Current authentication solutions essentially force the users to choose between either security or convenience. For millennials who comprise the majority of mobile banking user base, frictionless user experience is the key factor in their decision to use a mobile banking application. A recent survey has found that 83 percent of millennials valued convenience over safety, and 60 percent valued time more than safety. Millennial users care about speed and smooth user experience and are far less likely to verify their identity if it means compromising their own time.

As a result, currently available strong forms of authentication end up turning away millennial users from mobile banking applications. What is needed is an authentication method that ensures convenience without compromising security.


Continuous Authentication Fights Mobile Banking Fraud

Mobile banking applications remain vulnerable to attacks such as malware, malicious apps and SIM swapping.  For any financial services that are trying to grow the use of their mobile apps, strengthening security and effectively describing those benefits to their customers is clearly the biggest step they can take. With frequent news about various corporate hacks and data breaches, consumers are beginning to demand a system that protects them with more than just a password.

Attackers can gain access to a user’s account by stealing authentic user credentials,  and  with the increase of RATS, account takeovers and other advanced fraud methods used by hackers, one-time authentication, 2FA and sometimes even MFA are no longer enough to effectively protect mobile applications.

In order to effectively fight mobile banking fraud, it has become crucial to continuously verify that users are who they say they are throughout the length of the session. Previously, users were asked to authenticate themselves at various intervals during the use process. However, introducing extra authentication stages required to complete a transaction has a negative effect on user experience and thus discourages use.  Application  level security needs to be  to dynamically verify who is using an app every step of the way while maintaining frictionless experience for the end user.

Read more about Behavioral Biometrics

Behavioral biometrics to the rescue!

Behavioral biometrics learns from more than 100 different personal characteristics for every individual user such as finger pressure and typing speed to verify continuously the identity of the user as they interact with their device. Banks can decide on the level of authentication required to complete different types of transaction. The higher the risk associated with the type of transaction will determine the trust score a user’s profile needs to carry out that action. If the user’s trust threshold is too low to complete an action, bank’s can be notified. Behavioural Biometrics continuously ensures that only the intended user is using the app. With behavioral biometrics security is provided behind the scenes and the user doesn’t have to do anything extra that might hold them back or interrupt what they’re doing.


A Better experience for shopping and banking

Presently, mobile devices account for 19% of all US retail e-commerce sales, and this figure is estimated to reach a whopping 27% by the end of 2018. Both ecommerce merchants and payment providers absolutely must cater to mobile users.

Statistics show that a bad mobile experience will cause 40% of the users to turn to a competitor, yet an alarmingly high number of users still experience difficulties completing mobile transactions. That presents a great the opportunity for companies to capitalize on consumer conversion just by smoothing out mobile transaction experience for their customers.  

Behavioral biometrics can be built directly into any app to immediately improve the security of P2P payments, mobile banking or shopping. New users can start using your app quickly, because Behavioral biometrics employs hardware and technology already built into devices.

For merchants interested in forming a well rounded shopping experience, behavioral biometrics allows security that is seamlessly integrated with the user experience. Customers can learn about new products or sales, and then use the same app to complete the transaction without performing extra authentication steps, while at the same time feeling secure.

In Depth: Behavioral Biometrics vs Behavioral Analysis

Security Certified for the Future

Behavioral biometrics has been approved by the PSD2 as a valid authentication option. The time is right to create a better user experience for your customers while at the same time provide superior level of security. Under the new rules, merchants can choose whether to build payment options directly into their own apps, making security paramount. Behavioral biometrics ensures that mobile apps remain secure while maintaining fluid user experience.

Building customer trust is often challenging, and creating smoother and more secure technology can both bring people on board with a new app and keep them from abandoning transactions. Using behavioral biometrics reduces user complications and increases security without the need for any extra effort on the side of the user, such as remembering any extra passwords or login information.

Continuous biometric authentication means that even if a device is stolen, a hacker would have to impersonate over 100 unique characteristics to complete the next action - an impossible task by any measure.  This is the level of security we should all be providing to our users, without compromising on user experience.

Recent Posts

4 Reasons to Prioritize Mobile Fraud Prevention in 2021
Peak Season 2020: Account Takeover is Here to Stay and Other Takeaways
It's Time We Confront These Common Myths About Behavioral Biometrics
[Infographic] Breaking Down the Fraud Flow of Account Takeover
Emulator Fraud-as-a-Service: The Threat Landscape Continues to Evolve

Follow Us