Customers interact with banks through a growing number of channels, and as a result, there are myriad factors that banks need to take into account in order to facilitate the different options.
The question of when and how to authenticate identity has become particularly important, as has the data that is used and the processes that are put in place to ensure strong customer authentication compliance. What’s more, consumers now expect unified services with a seamless experience and will have no qualms about going elsewhere if banks can’t provide them.
Identity or authentication?
“For any organisation it is important to clarify what we mean by identity and authentication, and how these terms differ,” says Ian Holmes, Global Lead for Enterprise Fraud Solutions at SAS Fraud Management. “Organisations use identity to ensure that only authorised individuals can access information for the appropriate reasons. Authentication, on the other hand, is the key in the lock for identity, allowing customers to go on to execute transactions.”
Authentication is required in all channels of interaction, and there are varying means to achieve it. For example, banks can use knowledge factors such as passwords, possession factors such as ID cards or authentication tokens, and inheritance factors such as biometrics to verify users. Each factor has its own unique challenges, however, presenting various security flaws such as weak credentials or the risk of losing physical tokens.
Moreover, in today’s era of digital banking, resilient fraudsters can counterfeit many pieces of information to compromise user identities. This has devastating consequences for all involved, whether it be customers whose data is compromised, or banks whose reputation is damaged. It goes without saying that identity theft is clearly a grave threat.
The extent of the problem
Identity fraud is a growing concern that affects both businesses and customers, especially when fraudulent activity affects innocent people’s credit scores. Recent research from credit reporting company Experian found that financial fraud has risen by 14% this year alone, with fraudsters turning their attention to younger people who have just bought their first home. It has therefore become vital that banks take action to pre-emptively detect identity theft. But this is, of course, much easier said than done.
Modern hackers are using powerful tools to steal identity information. For example, ‘geo-spoofing’ enables criminals to use intermediate computers to hide their IP address and appear in a location that matches the stolen credentials. Elsewhere, hackers are implementing bots that use automated scripts to guess passwords.
The extent of the identity problem becomes clear when the statistics are explored. For example, research shows that it takes the average victim seven months to become aware of identity fraud, and in some cases, it can even take years. What’s more, once an attack is discovered, the average cybercrime victim in the UK spends 14.8 hours dealing with the aftermath. These are worrying facts, considering the large volumes of money and sensitive data at stake.
With all this in mind, if the established players can’t provide a strong anti-fraud service via a user-friendly authentication system, it will only be a matter of time until consumers take their custom to more agile fintechs and challenger banks.
So how can these problems be resolved?
The AI solution
“Proving identity is the critical first step in preventing theft,” says Holmes. “After all, only when you have confidence in the interaction can you begin to validate the other requests. However, the greatest problem is gaining this confidence, and the rise of remote requests increases the challenge.”
If it is true that technology has complicated matters with regard to identity and authentication, it is also true that it holds the key to resolving the problem. For example, AI-enabled programmes are now capable of authenticating payments in real-time. They can also quickly recognise fraudulent attempts to steal logins or log counterfeit payments.
Despite this, an alarmingly small number of financial institutions are leveraging the appropriate solutions. Research from advisory firm Aite Group shows that only 10% of organisations are actively using machine learning analytics to orchestrate authentication. While 50% are in the process of implementing these solutions or have them on their road maps, a worrying 40% are not.
With this in mind, banks need to take steps to prove the value of AI and advanced analytics. In addition, they must demonstrate how these solutions can bring new levels of flexibility and convenience to customers.
AI and advanced analytics are helping banks to pre-emptively detect identity fraud, rather than having to deal with the aftermath. By learning the ‘normal’ behaviour of customers, banks can limit the number of false positives and unnecessary challenges. This helps to reduce customer frustration and friction while maintaining security in the process.
The sooner you invest, the sooner you benefit
Technology has changed the face of identity and authentication. The benefits brought to banking are significant and the risks of inaction rapidly expanding. When innocent people begin falling prey to cybercriminals, it dramatically affects the user experience. This is a key issue for banks to overcome in the era of open banking and digital payments.
However, Holmes believes that for all the benefits that AI and advanced analytics bring, there is an alarming lack of adoption in the industry. As a result, it falls to the banks themselves to become the driving force for change and to demonstrate the business value that these solutions bring to financial services.
Holmes concludes: “Those who fail to implement powerful AI-based authentication will soon feel the impact on the bottom line, because customers will flock elsewhere in search of increased security and a smoother journey.”