As more consumers turn to digital banking, they expect to be able to onboard with and access financial institutions (FIs) with ease, seamlessly managing their finances on any connected device, from any location.
However, at the same time, fraudsters and hackers are becoming more sophisticated and launching ever more complex cyberattacks against banks and other FIs.
In fact, the number of customers asking the Financial Ombudsman Service in the UK for help with fraud and scams complaints increased by 66% in the first quarter of the 2021/22 financial year. Further figures from UK Finance found that losses due to mobile banking fraud reached £17.1 million in the first six months of 2021, up 127% compared to the same period in 2020.
Risk management strategies and authentication policies need to adapt to meet this growing threat. An increasing number of connections for consumers (and gateways for hackers), new regulations and the increasingly complex and sophisticated nature of cyberattacks call for a more automated and agile approach.
Introducing risk-based authentication
Risk-based authentication (RBA) is an identification process that varies based on certain behaviours and characteristics. It automatically carries out a risk assessment of a customer and determines the threat risk from those characteristics – including a user’s IP address, physical location, browser history, device and behaviour.
RBA checks each transaction and user on a case-by-case basis, unlike traditional systems. For consumers it offers the highest level of security, with the least interruption or disruption to their day-to-day user experience.
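The case-by-case assessment described above, sketched as an added example (not code from this article or from any RBA product): each attempt is scored from device, IP, location and behaviour signals, and the score decides between a frictionless allow, a step-up challenge and a block. The weights, thresholds, class names and sample values are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# Weights and thresholds are assumptions for illustration, not taken from the article.
WEIGHTS = {"new_device": 30, "new_ip": 15, "impossible_travel": 40, "behaviour": 35}
STEP_UP_AT, DENY_AT = 30, 70   # score >= 30: extra authentication; >= 70: block
MAX_KMH = 900                  # faster than an airliner between logins is implausible

@dataclass
class Profile:                 # what is already known about the customer
    devices: set
    ips: set
    last_geo: tuple            # (lat, lon) of the last accepted login
    last_ts: float             # epoch seconds of the last accepted login

@dataclass
class Attempt:                 # signals collected for this login or transaction
    device_id: str
    ip: str
    geo: tuple
    ts: float
    behaviour_anomaly: float   # 0.0 typical .. 1.0 very unusual (from a behavioural model)

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(min(h, 1.0)))

def assess(profile, attempt):
    """Score one attempt and return (score, decision, reasons)."""
    hours = max((attempt.ts - profile.last_ts) / 3600, 1e-6)  # guard against zero/negative gaps
    anomaly = min(max(attempt.behaviour_anomaly, 0.0), 1.0)
    fired = {
        "new_device": attempt.device_id not in profile.devices,
        "new_ip": attempt.ip not in profile.ips,
        "impossible_travel": km_between(profile.last_geo, attempt.geo) / hours > MAX_KMH,
        "behaviour": anomaly >= 0.5,
    }
    # Binary signals add their full weight; behaviour contributes in proportion to its anomaly.
    score = sum(WEIGHTS[k] for k in ("new_device", "new_ip", "impossible_travel") if fired[k])
    score += WEIGHTS["behaviour"] * anomaly
    decision = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
    return round(score, 1), decision, [k for k, v in fired.items() if v]

if __name__ == "__main__":
    # Constructed sample data: documentation IP ranges, London then Singapore one hour later.
    known = Profile({"dev-1"}, {"192.0.2.10"}, (51.5074, -0.1278), 1_700_000_000)
    print(assess(known, Attempt("dev-1", "192.0.2.10", (51.5074, -0.1278), 1_700_086_400, 0.1)))
    print(assess(known, Attempt("dev-9", "203.0.113.7", (1.3521, 103.8198), 1_700_003_600, 0.8)))
```

Returning the list of reasons alongside the decision lets the step-up or block be logged and reviewed later, which also supports the transaction-monitoring expectations quoted further down.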
The growing cyber threat, plus the need for consumers to have a seamless experience, means that RBA is no longer a nice-to-have but a vital system that any FI should implement.
Still unsure? Here are three of the biggest arguments making a case for RBA:
1. For a better user experience
85% of all online traffic for FIs comes from a trusted source, so it’s time to start treating these users with the trust they deserve. By introducing risk management and behavioural biometrics, FIs can recognise legitimate users and detect anomalies in the network. When a ‘good’ user is recognised and the risk is low, you can allow a login or transaction without asking for any additional authentication, for a totally frictionless experience.
User experience is more important than ever before, not only to attract new customers but also to keep current ones. Nowadays it is much easier to shift to another supplier if they offer a better experience, and the customer of today is not afraid to do so. In fact, 35% will cancel or delete an account or app if they have trouble accessing it. Traditional banks cannot afford to lag behind neo banks when it comes to offering the best digital banking user experience.
2. Stop evolving fraud
Online banking is fast becoming the norm, and 82% of consumers who used online or mobile banking for the first time during the pandemic plan to continue to use this channel – meaning we can expect to see greater effort from cyber criminals.
Automated attacks used for account takeover are becoming more sophisticated, imitating human behaviour to evade standard bot-detection tools. The behavioural biometrics and analytics on offer with RBA systems are specifically designed to detect fraudulent behaviour.
3. Comply with regulations
FIs are increasingly faced with new regulations, many of which seek a balance between security and user convenience, putting risk-based authentication at centre stage. For instance:
- PSD2 in the EU allows an exemption from strong customer authentication (SCA) if a real-time risk analysis deems the risk to be low, which improves UX. It also states that “payment service providers shall have transaction monitoring mechanisms in place that enable them to detect unauthorised or fraudulent payment transactions”
- FFIEC in the US states that “FI management should develop a layered approach to mitigate operational risks … this may include implementing security techniques … using transaction monitoring and geolocation techniques to identify anomalous transactions”
- MAS in Singapore says that “FI should implement real-time fraud monitoring systems to identify and block suspicious or fraudulent online transactions”
- Banco Central Circular in Argentina says “Each immediate transfer scheme must support your fraud analysis with tools that allow you to identify suspicious patterns.”
Digital banking is the norm, and RBA is now a necessary solution to protect customers. Check back on this blog for further discussion on RBA.