Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/8/2020
02:00 PM
Simon Armstrong
Simon Armstrong
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Fresh Options for Fighting Fraud in Financial Services

Fraud prevention requires a consumer-centric, data sharing approach.

In the financial industry, digital transformation has enjoyed a renewed focus and sense of urgency over the past few months. It's the ultimate stress-test, with isolation and social distancing creating a new normal where consumers increasingly depend on remote or self-service channels, and card-not-present transactions. To make matters worse, as advisory firm Javelin points out, "Criminals become more active during times of economic hardships." For financial institutions, this means that securing digital transactions has arguably never been more critical.

Complicating financial institutions' digital security strategy in these times of high stress is the omnichannel approach many have embarked on to meet their consumers' demand for anywhere, anytime access to services, as well as to compete with increasing numbers of fintech disrupters. While opening new transaction channels enhances user experience, it also increases the risk of fraud. 

Another matter adding to financial institutions' security woes is the API economy. Some open up their systems to remain competitive, while others endure it as a matter of obligation. One example: The EU's revised Payment Services Directive (PSD2), which requires banks that do business in Europe to allow data aggregators and payment services access to their data stores. Securing transactions through multiple channels is complex enough, but it becomes imperative when third parties are involved.

Sharing Benefits with Everyone
Data sharing is one of the most contentious topics in the digital world at the moment. Concerns over privacy and security are often given as reasons for consumers' slow adoption of some services on the one hand and organizations' lack of innovation on the other. In the financial services industry, organizational silos – in effect the epitome of not sharing data – are another of these frequently cited obstructions to achieving more.

But the greater availability of data gives financial institutions insight into customers' behaviors, habits, and preferences, allowing them to develop more effective tools, products, and features. It also allows them to protect customers more efficiently against fraud. EMV 3-D Secure is a good example, an updated version of 3-D Secure, a protocol designed for securely authenticating a customer during card-not-present ecommerce transactions, which includes a risk-based authentication engine. The more data the engine has, the more efficiently it can assess the risk.

All Hands on Deck
In today's financial environment where user experience has never been more important, sharing data between all parties involved – from third parties and merchants to customers themselves – is essential for a digital strategy that is based on robust security measures aimed at customer engagement. Open communication and data sharing mean that banks receive real-time data that improves their authentication models by more effectively evaluating the risk of a card-not-present transaction.

To ensure data sharing is effective, and that content being shared doesn't fall into the wrong hands, financial institutions need to safeguard the security of their digital channels so that each party can be sure they are communicating with the intended recipient. It is the foundation on which advanced omnichannel authentication techniques are built.

According to a Microsoft report, customers around the world use an average of between three and five customer service channels. Securing each of these channels with a consistent user experience cannot be a mere afterthought or add-on; it needs to be embedded into a digital strategy. Using technology that resides on consumers' digital channels can create robust identities for consumer devices and convert these devices into strong possession factors. To increase adoption and build loyalty, it is important that the focal points of the innovation are channels that resonate with consumers. For example, while mobile is the customer service channel that most consumers want to engage on (38%), web-based online self-service support portals are also expected by 88% of people.

Building an ecosystem of trusted devices for each consumer enables financial institutions and other organizations to trust a consumer's entry point into their digital services and maintain a high degree of privacy while enabling sensitive interactions and data sharing to take place. 

Simply having access to more data for risk analysis, however, is not enough ensure a truly excellent service. Customers must also be given the opportunity to participate in securing their transactions. Recent research shows that consumers' attitudes to a "friction-free" experience is changing, and they would now prefer to verify transactions before funds leave their account. While in the past, banks would have viewed this approach as adding unnecessary friction to the user experience, modern consumers want to be more involved. 

Working in unison by breaking down silos allows multiple entities to work together efficiently using accumulative, real-time information to create a truly great offering that is built for combatting fraud, not patched together as a result of it. Additionally, putting some control into the hands of consumers creates another layer of security, while increasing customer satisfaction and brand loyalty, both of which have a positive impact on a financial institution's bottom line.

Related Content:

 

Simon's been described by a former employer as one of a breed of "creative technologists," a label we wish we had coined on his behalf. Having worked mostly at small to medium-sized agencies and product development firms in South Africa, Europe, and Asia, he combines a ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27734
PUBLISHED: 2021-05-17
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.
CVE-2021-27342
PUBLISHED: 2021-05-17
An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack
CVE-2021-31727
PUBLISHED: 2021-05-17
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register with the driver using IOCTL 0x8000201...
CVE-2021-31728
PUBLISHED: 2021-05-17
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook wit...
CVE-2021-32402
PUBLISHED: 2021-05-17
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.