Four Tips for Securing Digital Banking Channels

By David Vergara

As consumers use more online and mobile banking channels for their financial transactions, a direct result of the pandemic and reduced in-person touch points, hackers view this shift as an opportunity to exploit vulnerabilities across these same bank channels. And this is driving a wave in new fraud attacks.

According to the Federal Trade Commission, Americans have lost more than $77 million due to COVID-related fraud attacks. Taking a close look at the types of fraud on the rise, phishing attacks have increased by more than 667 percent during the pandemic and account takeover attacks have increased by 72 percent this year. To protect themselves and their customers, financial institutions must act quickly to modernize their anti-fraud solutions and strengthen the security of their digital channels. By moving away from legacy technologies—which are often point solutions—and leveraging modern artificial intelligence and machine learning in a unified way across their mobile and online channels, banks can gain greater visibility and assess risk in real-time in order to stop fraud as it happens.

Let’s take a closer look at a few of the technologies that are key for banks to accelerate their digital transformation and modernization efforts, improving the user experience and better securing all transactions.

1. E-signatures to securely enable remote transactions

As consumers shift toward digital channels, their expectations for a seamless user experience grows. For businesses looking to recover from the pandemic, the convenience and speed of their digital transactions for complex processes such as loans will be important for getting their operations up and running again.

E-signatures are one of the technologies that banks can quickly adopt to immediately improve the speed and convenience of their business processes. With a web or mobile e-sign application, banks and financial services representatives can ramp up in minutes to ensure that agreements can be enacted the same day they are requested. Furthermore, by combining digital identity verification technology with e-sign solutions, financial institutions can securely continue offering crucial services during the pandemic, such as digital mortgage lending and remote online notarization for buying homes.

2. Facial recognition is a necessary part of identity verification

Application fraud is another strategy fraudsters are leveraging during the pandemic to exploit consumers. Criminals submit applications for loans posing as real people by leveraging personally identifiable information found in the more than 15 billion consumer credentials available on today’s dark web marketplace.

Banks can prevent this type of fraud and detect when hackers attempt to use synthetic identities across digital channels by implementing digital identity verification checks as a first line of defense. One of the most effective methods is to use ID document verification with facial comparison. A customer can simply use a smartphone camera to scan a government-issued ID, and then take a selfie. Biometric facial comparison technologies with liveness detection verify that the ID is authentic and unaltered, and that the person opening the account is indeed the individual pictured on the ID.

3. Preventing account takeover attacks with risk analytics

Many banks and financial institutions have pre-configured rules for identifying known fraud, but the speed and volume of today’s attacks are making these pre-configured rules less useful as they are not designed to protect against emerging fraud techniques. Banks and financial institutions can combine their set of pre-configured rules with sophisticated risk analytics engines, leveraging machine learning to find anomalous patterns indicating new fraud attacks in real time.

One example, when it comes to protecting customers against account takeover attacks, is a risk analytics system leveraging machine learning to dynamically assess the risk of a transaction using authentication orchestration to apply the precise level of security. This is a powerful technology for banks to ensure the best possible customer experience while driving down fraud attacks.

An example of a full-featured risk analytics system is one that may use a rule that increases security for transactions over a certain dollar amount, and complimenting the rule with machine learning models that are analyzing vast and disparate user, device, transaction and channel data to identify anomolous patterns. These models use data points such as the integrity of the device (determining if the device is jailbroken/rooted, its current OS, etc.) and equally as important, the integrity of the application (is any malware detected?)–then using the risk score generated to drive a precise level of security for that unique transaction.

4. Strengthening mobile app security through in-app protection

Consumer adoption of mobile banking apps has surged during the pandemic. Bank of America, for example, reported a 23 percent increase in first-time logins by an older generation of users, including baby boomers and seniors.

As more customers conduct their financial transactions through mobile banking apps, banks should take extra measures to secure their mobile apps by implementing in-app protections. An example of in-app security is mobile application shielding, which provides extra security features beyond what is provided by device operating systems such as resistance to intrusion, tampering and reverse engineering of apps.

This type of application security is critical in not only protecting apps, but enabling them to operate securely in hostile environments. And the reality is that mobile app developers have no chance of keeping up with the speed and volume of new attacks. In fact, leading industry analyst firm Gartner, in their recent Market Guide for In-App Protection, point out that app developers lack mobile expertise and tend to apply traditional application development practices to mobile with a focus on functionality, not security. Banks should leverage application shielding to bolster the security of their mobile apps while maintaining a superior user experience, which is especially important for first-time users, who could be deterred by a bad experience let alone a fraud attack.

The bottom line for banks and financial institutions during this pandemic is that their customers are in the crosshairs of hackers and cybercriminals. But with the right technologies, banks can secure their digital channels and not only retain their loyal customer base, but also gain new customers. By moving away from inflexible, legacy security technologies and adopting a more sophisticated approach with modern machine learning that can analyze data across digital channels, in real time, banks can create the best customer experience and mitigate exposure to even the most innovative fraud attacks.

David Vergara is senior director of security product marketing at OneSpan.