Alkami Technology Plano Texas

How biometric security has evolved to thwart evolving digital banking fraud threats

A more secure digital banking environment will result when passwords disappear in favor of harder-to-hack account access solutions, likely over the next five years or so. That’s just one of the security improvements predicted by Joey Zollinger, VP product management at Alkami. Zollinger and Seth Ruden, director of global advisory for the Americas at Alkami partner BioCatch, recently discussed the latest trends in fraud prevention for financial institutions (FIs) on the BAI Banking Strategies podcast episode The Fraud Prevention Use Case for Behavioral Biometrics.

Key takeaways in digital banking security trends
  • While classic biometrics use facial recognition, retina scans, touch sensors, and other technology used to verify identities, behavioral biometrics verifies people’s identities via their online behavioral tendencies as they do their digital banking. This includes things like typing speed on their phone, how they maneuver their computer mouse, and about 2,000 other distinct behaviors.
  • As part of the digital banking security arms race to keep fraudsters at bay, new use cases for deploying behavioral biometrics are being discovered every day. Where biometrics first emerged primarily to thwart account takeovers, it is now a valuable tool in stopping authorized push payment fraud in which criminals use social engineering to get account holders themselves to authorize payments to bad actors. 
  • There is plenty of room for banking institutions to integrate more deeply with existing fraud solutions to address a growing incidence of cross-channel fraud.

 

“There has to be a balance between extremely, extremely secure and ease of use, which is how digital banking got started in the first place—to give people an easier way to access their financial information,” Zollinger said. “The way we approach it with our FIs is giving them a say in what that balance is. We integrate with different vendors, providers, and solutions out there to give our clients the best possible solution by tailoring it to their security profile or the risk assessment that they perform for their account holders.” 

Fraudster tactics change, but the goals remain the same

At the dawn of the 21st century, banks and credit unions would tell users they faced a higher fraud risk outside of digital banking solutions, which was in its infancy, Zollinger said. But with almost all account holders using digital banking today, online attacks are now favored by fraudsters. 

“But the most prevalent types of attacks haven’t changed all that much,” Zollinger said. “It’s still about account takeover and getting access to user credentials. The attacks are much more sophisticated than they were before, but still very focused on account takeover.”

Solutions like BioCatch represent a third-generation fraud detection solution, one that enables FIs to analyze many additional data points to secure online banking sessions. Two decades ago, early fraud detection solutions primarily focused on catching issues with specific transaction elements. The second generation layered on profiling elements, including checking to see if the user was on a familiar device and in a familiar location—and asking for more verification if not. Newer biometric security solutions leverage those security basics but then add on a larger dataset of behavioral touchpoints that increase the precision and effectiveness of fraud detection efforts.

More security, with less friction

The goal is twofold: Reduce digital banking fraud while also making security & fraud protection screening as frictionless as possible so that account holders can complete their transactions with fewer digital speedbumps while stopping fraudsters in their tracks. The only time the user becomes aware of the security environment is when the detection system flags potential anomalous transactions and takes steps to protect the account—and the account holder. 

In a normal transaction, biometric security solutions monitor elements such as how quickly account holders enter basic information they should know reflexively, along with hand-eye coordination, that user’s expected regular typing speed and how much time they typically spend on specific screens. From this universe of information, the system can conclude with high confidence that this is the genuine end user acting in characteristic patterns that have been observed in past sessions.

Layering analysis of these behavioral patterns and habits on top of verification data that includes devices, endpoint, locations, and networks used gives FIs a greater contextual framework in which to protect users. Beyond simply verifying that the person accessing the account is the account holder, this level of security enables banks and credit unions to determine that the user is performing transactions in alignment with their desirable and authentic behavior, which helps to flag socially engineered push-payment fraud in which account holders are unwitting actors.

“Account takeover is still the number one problem,” Zollinger says. “But the sophistication of account takeover has changed over the years. Fraudsters can learn a lot of information about a person and attempt to take over an account online.” Traditional security methods such as multi-factor authentication by itself can be compromised so it’s critical for FIs to have a layered approach to account takeover fraud.  Banks and credit unions can more effectively combat any new tricks fraudsters might deploy to steal account holder funds with a robust biometric security solution tailored to an FI’s needs.

Click below to listen to the full BAI Banking Strategies podcast episode, The Fraud Prevention Use Case for Behavioral Biometrics.

Check out the Podcast
LinkedIn
Facebook
Twitter
LinkedIn
Facebook
Twitter
Related Blogs

Join our newsletter

Join the alkami newsletter and get notified when new blog posts are added.