5 Priorities for Banks to Secure the Post‑Pandemic Shift Towards Digital and Mobile Channels
The financial sector, state and federal government agencies, as well as consumers are being targeted with various types of fraud, identity theft and data security breaches during the pandemic. One of the biggest threats facing banks and consumers is account takeover (ATO) fraud, which has grown 72 percent since the start of the pandemic, and bigger problems lie ahead.
Stemming the tide and securing banks against the next wave of fraud
While increased adoption of mobile and digital banking channels had already been on the rise, adoption has been greatly accelerated by the pandemic, with the majority of U.S. adults today using online (73 percent) or mobile (55 percent) banking channels. However at the same time, cyberattacks targeting banks have also increased by 238 percent. With a number of branches closing for good and the greater shift to digital channels likely to be permanent, now is the time for banks to lock-down the security of their mobile and digital offerings.
There are five key areas banks and financial institutions should prioritize in order to secure their new and existing digital channels against fraud.
1. Modernize to a digital-first organization
If there is one thing the pandemic has proven, it’s the importance of having a digital-first business model. 2020 is the year that many banks accelerated their digital transformation plans in order to meet consumers’ needs during the pandemic. Securing customers’ accounts and sensitive data throughout digital and mobile channels is more important than ever, as threats continue to rise. Approximately 25 percent of the 15 billion leaked consumer credentials available to hackers on the Dark Web contain bank account information. If customers aren’t confident that their data is secure, they will leave for the competition.
Banks should look to adopt cloud-based platforms and security solutions for their back-end infrastructure, which will allow them to become more agile and nimble. This will allow them to not only respond faster to changing customer needs but also respond and react to fast-changing security threats.
2. Reinvent the customer journey
The next area banks should evaluate is the customer journey. Often, the first experience a customer has with a bank is the process of opening a new account. However, this process is also one that is highly targeted for fraud. In a recent study from Aite Group of anti-money laundering professionals, 65 percent say the use of synthetic identities in new account fraud is a bigger threat for banks than traditional identity theft. This is because if banks don’t catch a fraudulent attempt to open an account, they can face big losses.
Reinventing the customer journey requires balancing security with user experience. Customers don’t want to be prompted with a cumbersome authentication process. Yet at the same time, they also expect to be protected from cybersecurity threats. Therefore, banks should implement adaptive authentication methods that only prompt customers with additional steps if risk is detected. They should also look to security solutions like behavioral biometrics, which run behind the scenes and are invisible to the customer, providing strong security that is seamless and convenient.
3. Harden security across channels
Becoming a digital-first organization means revaluating risk posture and updating the organization’s fundamental approach to security. This is important not only to enable the distribution of financial services digitally, but also to adopt new technologies behind the scenes like artificial intelligence (AI) and machine learning (ML) to protect against the evolving types of fraud in these channels.
Banks are hardening security across digital and mobile channels by deploying intelligent adaptive multi-factor authentication. Today’s attackers can easily bypass most traditional two factor authentication (2FA), so banks need a unified platform to layer behind the scenes technologies like AI, ML, and real-time data analytics to identity risk and further protect customers. For example, banks are deploying server-side analytics to monitor customer sessions, devices and behavior in addition to 2FA authentication methods to help spot potential attacks.
4. Secure the mobile platform
As banks increasingly transition customers to the mobile channel, they are able to build a clearer view of how customers are laid out within their organization in order to consolidate and manage them in a central flow.
Modern mobile security solutions provide banks additional controls for securing customer accounts, compared to accessing a bank account via a website. Banks should prioritize securing mobile banking apps on the client side through technologies like mobile application shielding with run-time protection. In this way, banks can keep the mobile app secure even if it is being used on a jailbroken or malware-infected phone.
5. Leverage AI to analyze patterns humans cannot
Due to the increasing volume of fraud, AI serves as the eyes that banks need to analyze the patterns that humans don’t pick up as quickly. Most of the time, hackers use a bot-like approach to push out attacks, which means that attacks are essentially the same every time for all of an organizations’ users.
AI can detect these attacks more quickly than humans by recognizing patterns to identify attacks before they run rampant in an organization’s system.
In the COVID-19 era, banks and financial institutions are working hard to digitally transform themselves while also providing the strong security and convenient experience customers want. This requires coordination, collaboration, and staying on the precipice of new technology like biometric authentication and real-time risk analytics powered by AI and ML. By embedding security into their digital services, financial institutions can better protect their customers, defend against increased fraud and cybersecurity threats, and provide the type of seamless experience that will keep customers loyal and position the organization for future success.
This article, written by Will LaSala, Director of Global Security Solutions at OneSpan, was first published in CPO Magazine on February 23, 2021.