Embracing biometrics to tackle banking fraud
Neil Costigan, CEO BehavioSec
High-profile hacking attacks on global corporations reported in the media serve as an unwelcome reminder of the increasingly sophisticated nature of cybercrime. Yet, beyond complex hacks on global enterprises, simple techniques to gain access to sensitive data continue to be a burden for both consumers and enterprises.
According to Financial Fraud Action UK, last year online fraud rose 48%, resulting in £60.4 million in losses. Far from the sophisticated cyber-attacks launched against large corporations, one of the most common threats to consumer security is telephone scamming. The technique, which involves hackers posing as a bank or the police, is four times more likely to affect those over the age of 55 than the rest of the population, according to the Financial Ombudsman. This demographic is most at risk of being tricked into sharing their banking passwords and security credentials via the phone, which the scammer can then use to gain access to their finances.
Alongside social engineering and phishing, this type of scam will always be a risk for as long as people are the sole gatekeepers of their own security. Being forced to remember numerous passwords and log-in details, as well as who we can and cannot share them with, is a burden for us all, not least for those who grew up in a pre-digital era. The industry needs to embrace a layered approach to security that reduces the burden on consumers.
New era of security
Biometric authentication has been introduced as a means to reduce this responsibility – and the subsequent risks involved. One of the most well-known forms of biometric solution is fingerprint scanning, thanks largely to the widespread adoption of this technology amongst smartphone providers including Apple. This form of authentication, known as physical biometrics, verifies users based on something they are, rather than something they know.
A less well-known form of biometric authentication is behavioural biometrics. Relying on sophisticated machine learning algorithms, the technology builds up a unique profile of the user based on how they interact with the device. Keeping track of measurements such as typing speed, the angle at which the user holds the device or the pressure used to type, biometric checks verify that a person is who they say they are throughout their interaction with the device, rather than simply at the point of log-in. Thanks to the numerous sensors available on smartphones, behavioural biometrics is particularly suited to mobile and tablet banking.
Such technology responds to the growing concern around phishing, social engineering scams and telephone scams. A hacker could enter the correct credentials for a customer’s online banking – but the technology would pick up that an intruder is simply posing as the valid user.
As we increasingly move our banking activities online, the associated risks are inevitably rising. Halifax recently revealed that over 50% of its interactions with customers are via mobile. However, simply putting tighter restrictions on digital banking will not solve the inherent security issues. Customers embrace online and mobile banking because of their convenience. Adding security hardware such as card readers for two-factor authentication puts a frustrating barrier in the way of an otherwise smooth transaction process. Behavioural biometrics appeals to time-poor, convenience-focused banking consumers, as it sits in the background on their devices, rather than proactively asking the user to pass through any additional authentication processes.
Stopping the scammers
The increased vulnerability of over-55s to scams such as telephone heists does not suggest that the younger generation, or even enterprises, are immune to such risk. Earlier this month the financial director of London-based hedge fund Fortelus lost his job after being conned into giving financial details over to a phone scammer claiming to be the company’s bank – losing the company $1.2 million.
Falling for a scam is a relatively simple mistake to make – but the consequences can be costly. Simple security solutions such as passwords will always be undermined by simple hacking techniques. As such, it’s important that industries – and in particular the financial industry – layer additional security solutions such as behavioural biometrics on top of solutions such as passwords. By adding innovative security layers, banks reduce the responsibility on the customer to look after their own security data. Added security doesn’t have to mean added inconvenience. If we are to tackle the banking scammers and fraudsters, the industry needs to embrace solutions that find the right balance between sophisticated security and ease of use for the customer.