A recent OneSpan webinar examined how financial institutions can get to grips with bolstering their digital banking authentication processes and secure buy-in.
The cybersecurity firm highlighted that as cybercriminals aggressively target digital banking users, the issue of improving banking authentication processes is becoming more urgent. This can include advising banks to tighten their access management and upgrade to a modern authentication stack to protect transactions and sensitive information.
The webinar was conducted between OneSpan and David Mattei, who is a senior analyst from Aite-Novarica’s Fraud and Anti-money laundering (AML) practice.
A key issue discussed during the webinar was passwords, and the problems they now create. While they were a more stable and secure form of protection in the early days of the internet, in 2021 they have become a regular problem. This includes issues such as password theft and the distribution of stolen passwords on the dark web – which is regularly the most common way cybercriminals gain access to users' accounts.
OneSpan said, “Consumers put themselves at risk when they use weak or recycled passwords, or compromise their own data security with unsafe behaviour, such as sharing passwords. Furthermore, some financial services providers rely on reactive protocols, such as taking action only after fraud has been committed instead of preventing it from happening in the first place.”
It was highlighted during the webinar that a common issue found in banking authentication is that the security systems and legacy authentication that banks have put in place mostly tend to exist at the front and back-end of digital transactions – with much lacking in the middle.
Mattei commented, “At the front-end, banks have deployed usernames and passwords, and one-time passcodes; on the back-end, they’ve deployed fraud detection systems that analyse the transaction to determine whether to approve or decline it.”
According to OneSpan, the missing middle piece is continuous risk monitoring throughout the banking session – from login to logout – claiming a user’s successful login ‘doesn’t necessarily mean it’s the legitimate user interacting with the account’. Banks and financial institutions need to be monitoring non-stop.
Another weakness that has been identified as a threat to banks is knowledge-based authentication. This commonly relies on standard security questions that can also be asked on social media, giving hackers potential clues about how to break into users' accounts.
Mattei called on banks to think about what they can do to ensure their fraud prevention systems can deal with future threats.
Are orchestration hubs the answer?
OneSpan highlighted that security experts have recently been seeing great promise in authentication and fraud prevention orchestration hubs – with the latter monitoring the entire transaction risk profile from the start of the banking session all the way through to the end.
The continuous monitoring done by orchestration hubs regularly takes place behind the scenes, so the customer is not inconvenienced. As an example, OneSpan said that an orchestration hub with an advanced fraud prevention system at its core can use AI and machine learning to evaluate whether a user’s behaviour aligns with what is expected of a real person making a transaction.
If such a transaction raises concern, the digital identity of the customer can be confirmed with a new authentication challenge and second factor – which ensures secure access to the application.
OneSpan said, “Orchestration, strong authentication, and real-time fraud monitoring are ideal for improving digital banking security without impeding the customer experience. Hubs that bring these capabilities together enable banks to share information internally across teams, with less manual tracking and intervention. Picture automated tools used across different departments, communicating with each other to identify fraud – no matter where in the organization it was first detected.”
A key caveat noted during the webinar was that financial institutions – and their customers – commonly tend to be risk-averse. Because of this, OneSpan stated that the worry was that customers would take their accounts elsewhere if banks switched from legacy authentication methods to modern authentication solutions like multi-factor authentication or two-factor authentication.
However, this seemed to be somewhat disproved during the pandemic, when the uptake of digital banking was ‘rapid and widespread’, and it is likely many consumers will continue to use it.
So how can financial institutions implement best practices for banking authentication? OneSpan referenced biometric authentication as a key tool, which, through the use of facial recognition and fingerprint scans, can enable access to mobile banking apps without the need for any passwords.
A lack of resources and poor budget can be reasons why heightened cybersecurity measures in online banking are not implemented – however, OneSpan remarked that it is important companies ‘find the right balance’ between an acceptable level of fraud risk or fraud losses for the bank.
OneSpan concluded, “Companies that experience the most success over time are the ones that make the long-term investment to not only implement security tools, but to continue to improve their functionality as fraudsters continue to adapt. The tools should evolve with the changing security environment, as should the vendors that provide security tools and services.”
The full webinar can be found here.
Copyright © 2021 RegTech Analyst