Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/8/2020
02:00 PM
Simon Armstrong
Simon Armstrong
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Fresh Options for Fighting Fraud in Financial Services

Fraud prevention requires a consumer-centric, data sharing approach.

In the financial industry, digital transformation has enjoyed a renewed focus and sense of urgency over the past few months. It's the ultimate stress-test, with isolation and social distancing creating a new normal where consumers increasingly depend on remote or self-service channels, and card-not-present transactions. To make matters worse, as advisory firm Javelin points out, "Criminals become more active during times of economic hardships." For financial institutions, this means that securing digital transactions has arguably never been more critical.

Complicating financial institutions' digital security strategy in these times of high stress is the omnichannel approach many have embarked on to meet their consumers' demand for anywhere, anytime access to services, as well as to compete with increasing numbers of fintech disrupters. While opening new transaction channels enhances user experience, it also increases the risk of fraud. 

Another matter adding to financial institutions' security woes is the API economy. Some open up their systems to remain competitive, while others endure it as a matter of obligation. One example: The EU's revised Payment Services Directive (PSD2), which requires banks that do business in Europe to allow data aggregators and payment services access to their data stores. Securing transactions through multiple channels is complex enough, but it becomes imperative when third parties are involved.

Sharing Benefits with Everyone
Data sharing is one of the most contentious topics in the digital world at the moment. Concerns over privacy and security are often given as reasons for consumers' slow adoption of some services on the one hand and organizations' lack of innovation on the other. In the financial services industry, organizational silos – in effect the epitome of not sharing data – are another of these frequently cited obstructions to achieving more.

But the greater availability of data gives financial institutions insight into customers' behaviors, habits, and preferences, allowing them to develop more effective tools, products, and features. It also allows them to protect customers more efficiently against fraud. EMV 3-D Secure is a good example, an updated version of 3-D Secure, a protocol designed for securely authenticating a customer during card-not-present ecommerce transactions, which includes a risk-based authentication engine. The more data the engine has, the more efficiently it can assess the risk.

All Hands on Deck
In today's financial environment where user experience has never been more important, sharing data between all parties involved – from third parties and merchants to customers themselves – is essential for a digital strategy that is based on robust security measures aimed at customer engagement. Open communication and data sharing mean that banks receive real-time data that improves their authentication models by more effectively evaluating the risk of a card-not-present transaction.

To ensure data sharing is effective, and that content being shared doesn't fall into the wrong hands, financial institutions need to safeguard the security of their digital channels so that each party can be sure they are communicating with the intended recipient. It is the foundation on which advanced omnichannel authentication techniques are built.

According to a Microsoft report, customers around the world use an average of between three and five customer service channels. Securing each of these channels with a consistent user experience cannot be a mere afterthought or add-on; it needs to be embedded into a digital strategy. Using technology that resides on consumers' digital channels can create robust identities for consumer devices and convert these devices into strong possession factors. To increase adoption and build loyalty, it is important that the focal points of the innovation are channels that resonate with consumers. For example, while mobile is the customer service channel that most consumers want to engage on (38%), web-based online self-service support portals are also expected by 88% of people.

Building an ecosystem of trusted devices for each consumer enables financial institutions and other organizations to trust a consumer's entry point into their digital services and maintain a high degree of privacy while enabling sensitive interactions and data sharing to take place. 

Simply having access to more data for risk analysis, however, is not enough ensure a truly excellent service. Customers must also be given the opportunity to participate in securing their transactions. Recent research shows that consumers' attitudes to a "friction-free" experience is changing, and they would now prefer to verify transactions before funds leave their account. While in the past, banks would have viewed this approach as adding unnecessary friction to the user experience, modern consumers want to be more involved. 

Working in unison by breaking down silos allows multiple entities to work together efficiently using accumulative, real-time information to create a truly great offering that is built for combatting fraud, not patched together as a result of it. Additionally, putting some control into the hands of consumers creates another layer of security, while increasing customer satisfaction and brand loyalty, both of which have a positive impact on a financial institution's bottom line.

Related Content:

 

Simon's been described by a former employer as one of a breed of "creative technologists," a label we wish we had coined on his behalf. Having worked mostly at small to medium-sized agencies and product development firms in South Africa, Europe, and Asia, he combines a ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This is not what I meant by "I would like to share some desk space"
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-1303
PUBLISHED: 2021-01-20
A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by...
CVE-2021-1304
PUBLISHED: 2021-01-20
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not autho...
CVE-2021-1305
PUBLISHED: 2021-01-20
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not autho...
CVE-2021-1312
PUBLISHED: 2021-01-20
A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters f...
CVE-2021-1349
PUBLISHED: 2021-01-20
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management interf...