Seamless and secure online authentication: a solvable goal?

Online authentication is an intelligent tool that allows companies to differentiate legitimate activity from fraudulent behaviour to make sure only the right users get through. However, as intelligent as it may be, there does still remain a challenge in making sure the wrong users with the right credentials don’t cheat their way past this barrier. This means that no company can ever really be 100% sure about the true identity behind an online user.

Approximately 98% of human transactions are legitimate, meaning only 2% are fraudulent. With such favourable odds, one would think it was a given that businesses shouldn’t be quick to treat all customers as potential fraudsters. But some do. And in doing so, instead of protecting their business, they end up pushing loyal customers away. We could conclude that overly strict defence mechanisms won’t let all legitimate customers through. On the other hand, interruptive authentication methods cause transaction abandonment and loss of customers.

Fraudsters continue to find ways to overcome traditional authentication methods, as we have grown accustomed from them to do so. Static defence mechanisms do not prevent all cases of fraud: login data is being bought on the dark web, CAPTCHA is being outsmarted by bots, true geolocation is being hidden via proxy servers, device fingerprinting is being imitated by emulators, and multi-factor authentication is being surpassed when session takeover occurs. That’s why the industry has been forced to think beyond passwords and secret questions, and research advanced authentication methods.

As unique as a fingerprint

The way we subconsciously behave on our phones or computers – how we hold, scroll, swipe, click, tap, or type – is as unique as our fingerprints.

By using sensors in touchscreens or codes on websites, data can be collected invisibly to the user. Multiple interactive gestures can be constantly analysed — including how the person is holding the device or the speed and rhythm in which they’re using their mouse. Endless amounts of these data points together form a digital fingerprint and can be used to establish a user’s identity.

With the aid of these behavioural biometrics, companies will not only be able to accurately differentiate between legitimate customers, fraudsters and non-human behaviour (eg BOTS, malware, or Random Access Trojans), but they will also save costs with fewer suspicious cases to check manually.

And it can do more than reducing fraud threats and financial losses. Companies are also able to minimise false positives and increase revenue by avoiding pushing good customers away. Additionally, leveraging the user’s behavioural biometric data means businesses receive additional valuable insights about their customers. This allows for further optimisation of the customer journey and user experience – improving customer loyalty and encouraging higher conversion. In fact, Gartner states that by 2022 digital businesses with a great customer experience during identity corroboration will earn 20% more revenue.

The great advantage of this new authentication method is that even if fraudsters try to use stolen passwords and other personal information, behavioural biometric monitored accounts can still be secured, as this type of information can’t be stolen, faked, or copied.

Behavioural biometrics differentiators

In contrast to other protection methods, such as active physical biometrics, there are many positives when it comes to passive behavioural biometrics:

it does not depend on special scanning hardware and is independent from devices or locations;

authentication is not one-time validation, but a continuous process from check-in to check-out – protecting transactions including registrations, purchases, payments, and money transfers;

no extra user actions are required. It is frictionless and seamless and not aggressive or irritating, like most security barriers;

no personal data is collected or stored, complying with the European Union’s General Data Protection Regulation.

Securing companies, protecting customers

The behavioural biometric data is compared to the historical behaviour of the user and average behaviour patterns. Based on analysed signals of each user profile, the system generates a ‘trust score’ with proprietary machine-learning algorithms. Assuming that the average person’s phone habits will change, say, on a Saturday night compared to a Wednesday morning, the behavioural biometrics software then calculates whether someone is really who they are claiming to be.

As diverse protection methods are needed to cover a wide range of fraud cases, Arvato Financial Solutions offers a broad solution portfolio for different types of threats. Based on our long-standing industry and market-specific experience, the fraud and financial experts working in our teams offer a customised approach to each of our clients to provide the optimal solution for their particular needs.

Based on each company’s individual goals, the industry landscape, the fraud prevention methods in place, and the fraud management architecture, we determine which specific solution or module combination is the best match for each business.

Arvato Financial Solutions is the backbone for growth, providing a holistic approach to help companies optimise their processes and customer experience, and protect their revenue and reputation while providing protection against fraud tailored to specific needs.

This editorial was first published in the Web Fraud Prevention, Identity Verification & Authentication Guide 2018-2019. The Guide covers some of the security challenges encountered in the ecommerce and banking, and financial services ecosystems. Moreover, it provides payment and fraud and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.

About Rober Holm

Robert Holm is Senior Vice President Fraud Management at Arvato Financial Solutions. With an experience of almost 20 years in setting up and growing new businesses, he leads the strategic development and internationalisation of the fraud management division.

Arvato Financial Solutions

Arvato Financial Solutions provides professional financial services centred on cash flow in all segments of the customer lifecycle: from identity, fraud, and credit risk management, to payment and financing services and debt collection. Our team made up of proven and reliable experts in around 20 countries gives businesses the best possible platform for growth.