PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

The Key to Financial Security Is in the Palm of Your Hand

Patrick Cox by Patrick Cox
August 8, 2018
in Featured Content, Industry Opinions
0
authentication, connected car, payments

authentication

10
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

Physical credit and debit cards are going the way of cash and checks, as more and more consumers turn to e-commerce and digital payment apps, and increasing numbers of brick-and-mortar retailers embrace proximity mobile payment.

At the same time, fraudsters are also moving away from physical credit cards, due in part to the implementation of security chips and are instead exploiting opportunities to take over financial accounts by using consumer data available from countless data breach to answer knowledge-based authentication questions.

In the face of this growing threat, financial institutions need stronger security measures, in particular more effective authentication, to protect against account takeovers.

Fortunately, the same trend that is driving the increase in mobile payments – the ubiquity of smartphones and consumers’ fierce attachment to them – also presents a potential solution: the ability to thwart fraudsters’ efforts by using customers’ phones as ownership-based authentication tokens. 

Strengthening authentication

Most account takeovers occur via social engineering schemes in which criminals use hacked information and/or information gleaned from social media to impersonate legitimate customers – often over the phone, which has become the weak link for many organizations. Banks and other financial institutions have devoted significant resources to combatting fraud via their online channels, but many have been slow to implement more effective authentication measures for their contact centers.

Most contact centers continue to rely heavily on knowledge-based authentication – granting access to accounts if callers can provide the correct personal information – which means these organizations are vulnerable to account takeovers in a world where fraudsters have relatively easy access to this personal information.

Criminals frequently use Caller ID or automatic number identification (ANI) spoofing to cover their tracks and further deceive call center staff. And, unfortunately, this spoofing is not difficult to execute, thanks to the easy creation and manipulation of call signaling data, a lack of end-to-end encryption within the telephone network, and the multitude of attack opportunities presented by carriers with lax security practices.

More and more criminals are using virtualized call services, like Skype, to connect with call centers. These services are legitimate calls but can be made from any device and let the criminal remain anonymous and undetectable.

In an effort to mitigate the risk of phone fraud, some financial institutions perform probabilistic modeling on header data delivered when a call connects, but while these risk-assessment approaches can be helpful in detecting suspicious calls, they do not actually identify legitimate customers, who represent the vast majority of callers, or virtualized calls.

To positively identify their customers before their calls are answered, financial institutions can implement a complementary technology that uses customers’ smartphones as ownership-based authentication tokens. Customers are rarely without their phones, and as digital payments become more and more popular, people will be even more likely to have their digital wallets with them at all times.

An approach that audits all phone calls, devices and line types from within the global telephone network – end-to-end, from the caller’s phone to the contact center – can ensure that the phone call and device are real and unique and can thus provide a deterministic authentication outcome in the form of an ownership-based authentication token. With this highly accurate technology, the only way a fraudster could be authenticated would be to physically steal the customer’s phone and successfully unlock it.

This technology will also flag high-threat virtualized phone calls commonly used by criminals including VoIP and PBX calls.

Pre-answer caller authentication technology, which is invisible to the caller, provides another benefit as well, because it allows authenticated customers to be routed to a trusted caller flow that is not subject to annoying and time-consuming identity interrogation. Non-authenticated calls can then be stratified based on their risk scores and receive different authentication treatments or more rigorous examination by the organization’s anti-fraud tools and staff.

Staying ahead of the fraudsters

There are a wide variety of authentication solutions available, including biometric systems such as voice recognition technology, aimed at different needs and offering varying levels of authentication quality, coverage, speed and convenience. Other solutions, as mentioned, are aimed more at fraud detection than true authentication. Financial institutions need to educate themselves about the various alternatives and implement measures that will protect their customers’ accounts more aggressively.

Continuing to rely on knowledge-based authentication and basic spoof-detection tools is unlikely to stem the tide of account takeovers. And this means not only potentially significant losses to fraud but also the risk of penalties from regulators and lawsuits from affected customers.

Criminals are constantly changing their tactics, but financial institutions need to stay one step ahead. New technologies can help – including technologies that use customers’ smartphones to achieve significantly more accurate authentication and improve the effectiveness of fraud-fighting efforts.

About the Author

Patrick Cox is chairman and CEO of TRUSTID, which enables companies to increase the efficiency of their fraud-fighting efforts through pre-answer caller authentication and the creation of trusted caller flows that avoid identity interrogation, allowing resources to be focused on real threats.

Tags: AuthenticationFraud Risk and AnalyticsSecurity
10
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Digital Wallet Use Delivers on Convenience and Security

    Digital Wallet Use Delivers on Convenience and Security

    May 30, 2023
    5 Ways to Protect Your Financial Institution from a Cyberattack

    5 Ways to Protect Your Financial Institution from a Cyberattack

    May 26, 2023
    traditional banks

    How Traditional Banks Can Modernize Without Risk

    May 25, 2023
    identity fraud

    Javelin’s Identity Fraud Study Highlights the Changing Nature of Fraud

    May 24, 2023
    SASE, security-as-a-service

    Security-as-a-Service Secures
    Distributed IT Models

    May 23, 2023
    mule. real-time

    Early Detection of Mule Activity Requires Real-Time Solutions

    May 22, 2023
    embedded finance, ecommerce

    How Retailers Can Enter the World of Embedded Finance Confidently 

    May 19, 2023
    cross-border

    Cross-Border Trade is a Cinch with the Right Payments Partner

    May 18, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result