Regulation is evolving; so should your authentication strategy

We’ve seen a huge rise in scams over the last year. What impact have you seen this have on the payments industry?

Reputational damage is now, more than ever, a massive concern, to every industry sector.  And scam messages in particular have a direct bearing on that.

Callsign recently undertook extensive research on this area of fraud, and the results were alarming – we discovered that consumers are receiving well over 1,000 scam messages a year and in some territories, they’re more likely to receive a message from a bad actor than they are from their bank or even a family member.

For the industry, that is a wake-up call. We found that 45% of consumers lose trust in an organisation if it’s named in a scam message. Simply by association businesses are taking a hit to their reputation.

Can organisations prevent this by making the shift from analogue to digital systems?

Absolutely. The big thing to consider is how valuable, and how fragile, customer trust is. Not just in the businesses that they deal with, but in the communication channels those businesses choose to use.

In fact, one of the major problems here is that a great many businesses are relying on analogue, out-of-band authentication methods such as one-time password over text messages (SMS OTPs) to authenticate their customers.

If you’re doing that, then you’re authenticating in the same channels that the scammers are using, channels that were never designed with security in mind. Channels that customers are already losing trust in.

In the case of SMS, it’s a channel that only 5% of consumers consider to be safe.

On the other hand, inherently digital authentication approaches such as Callsign’s device intelligence and behavioural biometrics are channels that have been designed from the ground up with security in mind. Not only are they virtually impossible for scammers to circumvent, but they’re also passive. They authenticate the user without adding friction to that user’s journey.

But if a customer is taken in by a scam message, a digital approach can prevent fraud taking place. Bad actors will often use social engineering techniques to coach their potential victims past the static warning messages that are commonplace for most businesses.

One area where Callsign innovates is in the use of dynamic interventions: intelligently recognising the tell-tale signs of a fraud in progress, such as a customer making a large payment to a new recipient, and then presenting the customer with a contextual warning at that point. Scammers are hard pushed to talk around an unexpected warning message, with content that they can’t predict.

As privacy has started to play a pivotal role in the way consumers see their data, how can businesses deliver better levels of privacy whilst consuming less data?

It’s a role that can’t be understated. The conversation has shifted – where before businesses were trying to balance security against UX, now it’s vital that they consider security, UX, and privacy.

We found that 38% of people viewed scam messages as an invasion of privacy, with more yet rightly asking just how scammers got hold of their details. Consumers are highly aware of the value of their data – it’s hardly surprising that half of consumers are reluctant to share their data with any business.

So, it’s understandable that they’ll be less inclined to trust an organisation that relies on methods such as persistent cookies or continuous authorisation. For businesses, it’s essential that they can prove that they’re consuming as little data as possible when authenticating genuine users.

Rather than looking at knowledge factors such as a date of birth, the name of a first pet, technologies like behavioural biometrics examine how an individual interacts with device: the way they hold it, how they swipe, how they type. In this way, a genuine user can be identified inherently rather than by data that directly identifies them as a person.

How can issuing banks, merchants, etc. comply with SCA regulations while maintaining great UX?

Most organisations will have already been prepared to go live on the target date. Businesses shouldn’t be looking at regulation as the goal; it should be the minimum requirement. Extended deadlines for regulatory changes open up opportunities for businesses to level up on their approaches to authentication, to shift away from the analogue channels which are now – let’s face it – dominated by the fraudsters and scammers and look to future-proof digital channels that are infinitely more secure.

Getting SCA right does more than help a business prevent fraud. It gives them a golden opportunity to assess and refine their user journeys and in doing so, improve privacy and UX.

How can adoption of an orchestration of solutions strategy offer agility around fraud and regulation?

Orchestration is the key to helping businesses make those opportunities a reality. Every business will have a degree of legacy systems that it’s tied to, and technology such as Callsign’s Orchestration Layer allows an organisation to integrate highly secure digital authentication channels and mechanisms with those existing systems.

And with a plug-and-play Orchestration Layer like this, it means that businesses can update their rulesets and adopt and adapt the authentication channels that best suit them, ensuring that they’re proactive and able to keep the customer front of mind without having to make sacrifices between security and UX.

That agility is going to pay off in the both the short and long term. The next major regulatory shake-up might not happen for years; but it might be just around the corner.

What can businesses do to combat the threat of scam messages? That’s the topic of Callsign’s report on scam messages and the risks of reputational damage – download it here.

About Amir Nooriala

A knowledgeable and engaging panellist, moderator and speaker, Amir Nooriala is Callsign’s Chief Commercial Officer. His broad expertise across financial services, identity and fintech is rooted in his extensive experience – including working as CSO and COO at OakNorth and Ops & Tech MD at BGC, as well as key roles at Barclays, Accenture, and Cisco Systems. Beyond Callsign, Amir is a judge for the government's TechNation scheme, a champion for social mobility in the UK as a long-serving trustee of the charity Making the Leap and the UK Social Mobility Awards (UKSOMOs).

About Callsign

Callsign has a simple vision: we want to make digital identification seamless and secure. Our unique positive identification approach balances high security and user experience, allowing customers to interact online safely, with minimal friction, while ensuring that bad actors are blocked to protect customer’s identities and business interests.