The DigitalBank Vault
Bank Identity Theft & Hacking : How can banks know who’s who?
What is identity and authentication?
Authentication is required in all channels of interaction, and there are varying means to achieve it. For example, banks can use knowledge factors such as passwords, possession factors such as ID cards or authentication tokens, and inheritance factors such as biometrics to verify users. Each factor has its own unique challenges, however, presenting various security flaws such as weak credentials or the risk of losing physical tokens.
Moreover, in the era of digital banking, criminals can counterfeit many pieces of information to compromise user identities. This has devastating consequences for all involved, whether it be customers whose data is compromised or banks whose reputation is damaged. Identity theft is clearly a grave threat.
The extent of the problem
Identity fraud is a growing concern that affects both businesses and customers, especially when fraudulent activity affects innocent people’s credit scores. It has therefore become vital that banks take action to pre-emptively detect identity theft. But this is, of course, much easier said than done.
Modern hackers are using powerful tools to steal identity information. For example, geospoofing enables criminals to use intermediate computers to hide their IP address and appear in a location that matches the stolen credentials. Elsewhere, hackers are implementing bots that use automated scripts to guess passwords.
The extent of the identity problem becomes clear when we look at the statistics. For example, research shows that it takes the average victim seven months to become aware of identity fraud. In some cases, it can even take years.
What’s more, once an attack is discovered, the average cybercrime victim in the UK spends 14.8 hours dealing with the aftermath. These are worrying facts, considering the large volumes of money and sensitive data at stake.
With all this in mind, if the established players can’t provide a strong anti-fraud service via a user-friendly authentication system, it will only be a matter of time until consumers take their custom to more agile fintechs and challenger banks. So how can these problems be resolved?
Proving identity is the critical first step in preventing theft. After all, only when you have confidence in the interaction can you begin to validate the other requests. However, the greatest problem is gaining this confidence, and the rise of remote requests increases the challenge.
If it is true that technology has complicated matters with regard to identity and authentication, it is also true that it holds the key to resolving the problem. For example, AI-enabled programmes are now capable of authenticating payments in real-time. They can also quickly recognise fraudulent attempts to steal logins or log counterfeit payments.
Despite this, an alarmingly small number of financial institutions are leveraging the appropriate solutions. Aite research shows that only 10% of organisations are actively using ML analytics to orchestrate authentication. While 50% are in the process of implementing these solutions or have them on their road maps, a worrying 40% are not.
Banks need to take steps to prove the value of AI and advanced analytics. In addition, they must demonstrate how these solutions can bring new levels of flexibility and convenience to customers.
AI and advanced analytics are helping banks to pre-emptively detect identity fraud rather than having to deal with the aftermath. By learning the “normal” behaviour of customers, they can limit the number of false positives and unnecessary challenges. This helps to reduce customer frustration and friction while maintaining security in the process.