Banks make progress toward the ultimate phishing solution
The rise in e-commerce, online banking, and digital payments has increased the number of online transactions, creating more opportunities for fraud. Each transaction involves account data, such as login credentials, account numbers, and transaction details that can be targeted by fraudsters. However, with the right technology, banks could be using an increased selection of signals to curb fraud, keeping customers safer while ensuring a better user experience.ย
โAs our digital footprints and capabilities have grown, so too has digital fraud. Traditional fraud risk management solutions, which might have been effective in the past, are struggling to keep pace with the rapidly changing fraud landscape. It is no longer enough to rely solely on basic risk assessments and static authentication methods to protect banks and their customers from the onslaught of social engineering scams, account takeovers, and other emerging fraud vectors,โ says Gerhard Oosthuizen, Chief Technology Officer at Entersekt.
Oosthuizen explains that as we share more online such as social media posts, online purchases, and geolocation data, we are simultaneously giving bad actors a wealth of information that can be used to build more convincing phishing scams, identity theft schemes, and social engineering attacks.
Similarly, weak account protection leaves consumers open to attack. Fraudsters have increasingly targeted two-factor authentication (2FA) systems, particularly those that rely on SMS-based verification. With the right social engineering motivation, victims can even be convinced to perform facial recognition and biometric authentication, and with AI, thereโs even the real threat of bypassing voice and facial biometrics by using online recordings of the victims.ย
Protecting the user from themselves
Traditional fraud risk management solutions often rely solely on the user’s approval to authorise a transaction, leaving a dangerous gap in the defence against social engineering scams.ย
Risk intelligence and advanced authentication can help organisations, including banks and other financial institutions, combat the growing threat of sophisticated fraud attacks, without compromising customer experience.ย
The difference lies in the ability to leverage comprehensive, cross-channel intelligence to build detailed user profiles and detect even the most subtle anomalies. By collecting and correlating signals from multiple touchpoints, including login, transactions, and other digital activities, it becomes possible to identify patterns and behaviours that may indicate fraudulent activity.
Risk intelligence and advanced authentication can also identify and block transactions that appear suspicious, even if the user has already provided their consent.
โThis is a game-changer for banks, particularly when it comes to protecting vulnerable customers, such as the elderly, from sophisticated impersonation schemes. By analysing a broader range of signals, risk-based authentication can detect when a user may be under duress or coercion, and intervene to prevent financial losses,โ Oosthuizen explains.ย
This approach builds a more comprehensive user profile and understands behaviour patterns across the customer’s entire digital footprint, from PayShap transactions to e-commerce purchases. This is in contrast to traditional risk-based solutions, which often operate in silos, missing the opportunity to leverage cross-channel intelligence.
A broader range of signals, including contextual information, device data, and real-time indicators can give banks an even more nuanced and accurate risk assessment, going beyond the basic parameters used by traditional solutions. For example, when a client is on an active phone call while transacting, it could indicate coercion by a fraudster in the middle of a phishing attack.
โThe ability to detect subtle anomalies and emerging fraud vectors has become vital. Advanced risk assessment capabilities, including the ability to decline transactions even after user approval, help safeguard against these emerging threats. In a nutshell, risk-based authentication with silent signals can advise when to authenticate, when to decline, and when and how to step up. This is a more holistic and proactive fraud management solution, rather than just a traditional risk-based authentication tool,โ says Oosthuizen.ย
Threats are constantly changing; the solution should too
Threats are constantly evolving and so having a solution that can use data from multiple channels and across devices means it can learn and respond more quickly. The flexible and adaptable nature of risk intelligence with advanced authentication allows it to be updated to detect and protect against new and evolving fraud tactics, such as those that may emerge with the increasing adoption of alternative payment methods and digital financial services.
โBanks need to find better ways to protect their customers. Far too much is still left in the hands of the end user who are often not skilled in identifying new threats โ and nor should they be. The consumer expects their bank to keep them safe. New security measures require more nuanced insights that are essential when dealing with a fluid fraud landscape. Having a trusted advisor that knows more about a user than the user themselves will change the way the security deck is stacked,โ Oosthuizen says.ย
About Entersekt
Entersekt is a global leader in digital banking authentication and e-commerce fraud prevention solutions. The company empowers financial institutions and businesses to deliver secure and seamless digital experiences to their customers.
