Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:00 PM
Simon Armstrong
Simon Armstrong
Connect Directly
E-Mail vvv

Fresh Options for Fighting Fraud in Financial Services

Fraud prevention requires a consumer-centric, data sharing approach.

In the financial industry, digital transformation has enjoyed a renewed focus and sense of urgency over the past few months. It's the ultimate stress-test, with isolation and social distancing creating a new normal where consumers increasingly depend on remote or self-service channels, and card-not-present transactions. To make matters worse, as advisory firm Javelin points out, "Criminals become more active during times of economic hardships." For financial institutions, this means that securing digital transactions has arguably never been more critical.

Complicating financial institutions' digital security strategy in these times of high stress is the omnichannel approach many have embarked on to meet their consumers' demand for anywhere, anytime access to services, as well as to compete with increasing numbers of fintech disrupters. While opening new transaction channels enhances user experience, it also increases the risk of fraud. 

Another matter adding to financial institutions' security woes is the API economy. Some open up their systems to remain competitive, while others endure it as a matter of obligation. One example: The EU's revised Payment Services Directive (PSD2), which requires banks that do business in Europe to allow data aggregators and payment services access to their data stores. Securing transactions through multiple channels is complex enough, but it becomes imperative when third parties are involved.

Sharing Benefits with Everyone
Data sharing is one of the most contentious topics in the digital world at the moment. Concerns over privacy and security are often given as reasons for consumers' slow adoption of some services on the one hand and organizations' lack of innovation on the other. In the financial services industry, organizational silos – in effect the epitome of not sharing data – are another of these frequently cited obstructions to achieving more.

But the greater availability of data gives financial institutions insight into customers' behaviors, habits, and preferences, allowing them to develop more effective tools, products, and features. It also allows them to protect customers more efficiently against fraud. EMV 3-D Secure is a good example, an updated version of 3-D Secure, a protocol designed for securely authenticating a customer during card-not-present ecommerce transactions, which includes a risk-based authentication engine. The more data the engine has, the more efficiently it can assess the risk.

All Hands on Deck
In today's financial environment where user experience has never been more important, sharing data between all parties involved – from third parties and merchants to customers themselves – is essential for a digital strategy that is based on robust security measures aimed at customer engagement. Open communication and data sharing mean that banks receive real-time data that improves their authentication models by more effectively evaluating the risk of a card-not-present transaction.

To ensure data sharing is effective, and that content being shared doesn't fall into the wrong hands, financial institutions need to safeguard the security of their digital channels so that each party can be sure they are communicating with the intended recipient. It is the foundation on which advanced omnichannel authentication techniques are built.

According to a Microsoft report, customers around the world use an average of between three and five customer service channels. Securing each of these channels with a consistent user experience cannot be a mere afterthought or add-on; it needs to be embedded into a digital strategy. Using technology that resides on consumers' digital channels can create robust identities for consumer devices and convert these devices into strong possession factors. To increase adoption and build loyalty, it is important that the focal points of the innovation are channels that resonate with consumers. For example, while mobile is the customer service channel that most consumers want to engage on (38%), web-based online self-service support portals are also expected by 88% of people.

Building an ecosystem of trusted devices for each consumer enables financial institutions and other organizations to trust a consumer's entry point into their digital services and maintain a high degree of privacy while enabling sensitive interactions and data sharing to take place. 

Simply having access to more data for risk analysis, however, is not enough ensure a truly excellent service. Customers must also be given the opportunity to participate in securing their transactions. Recent research shows that consumers' attitudes to a "friction-free" experience is changing, and they would now prefer to verify transactions before funds leave their account. While in the past, banks would have viewed this approach as adding unnecessary friction to the user experience, modern consumers want to be more involved. 

Working in unison by breaking down silos allows multiple entities to work together efficiently using accumulative, real-time information to create a truly great offering that is built for combatting fraud, not patched together as a result of it. Additionally, putting some control into the hands of consumers creates another layer of security, while increasing customer satisfaction and brand loyalty, both of which have a positive impact on a financial institution's bottom line.

Related Content:


Simon's been described by a former employer as one of a breed of "creative technologists," a label we wish we had coined on his behalf. Having worked mostly at small to medium-sized agencies and product development firms in South Africa, Europe, and Asia, he combines a ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-10
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
PUBLISHED: 2020-08-10
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
PUBLISHED: 2020-08-10
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
PUBLISHED: 2020-08-10
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
PUBLISHED: 2020-08-10
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.