Adaptive authentication: balancing opportunity and risk in an omnichannel world

The age of digital transformation has arrived, revolutionising the financial services industry with new ways of doing business anytime, anywhere. With a growing array of digital banking channels available, customers seemingly have infinite possibilities for conducting financial business. At the same time, this expansion of banking channels increases the risk of fraud.

Winning in the digital era means rising to the challenge of meeting an entirely new set of customer expectations. As Hari Gopalkrishnan, CIO of Client Facing Platforms at Bank of America put it, ‘Our customers don’t benchmark us against banks. They benchmark us against Uber and Amazon.’ To succeed, FIs must manage digital risk so that it doesn’t stand in the way of digital opportunity. In the middle of the fulcrum sits customer experience.

Top five areas for digital opportunity

There are five key areas of digital opportunity for the financial services industry, as follows:

Fintech

Fintech is transforming the industry. Digital wallets, cryptocurrency, blockchain, and other Fintech offerings are redefining banking and financial services in a multitude of ways, putting traditional FIs at risk of losing business to them. Increasingly, traditional banks are rapidly innovating to provide more of the kinds of digital services their Fintech competitors offer.

API economy and Open Banking

The API economy offers customers the option of convenience such as being able to link their accounts with other services (utility payments, for example) without the FI having to build out a complex technology infrastructure to support the new capability. In some cases, this may be more than an opportunity; it may be an obligation. For example, the European Union’s (EU’s) Payment Services Directive II (PSD2) requires banks doing business in the EU to open access to their systems to payment services and data aggregators.

3-D Secure 2.0

Card issuers and issuing processors have started or are planning to embark on the journey of adopting EMV 3-D Secure (AKA 3-D Secure 2.0). The opportunity for 3-D Secure 2.0 lies in its adoption of consumer-friendly features such as the elimination of enrolment pop-ups, full integration into the shopping experience, and faster authentication. By reducing the annoyance factor, these changes have the potential to lead to more approved transactions and more revenue.

Mobile banking

Mobile banking has become a staple of consumer offerings. In fact, the mobile channel has become the predominant and preferred channel for consumers.

According to RSA’s Quarterly Fraud Report, in the last three years, transactions from mobile apps have increased over 200%, and the overall volume of activity in the channel now outpaces that of the web with 55% of all transactions conducted from a mobile app or mobile browser. As a result, FIs are expanding their mobile channel to provide new services to their customers while meeting their demands for secure, convenient account access.

Internet of Things (IoT)

While banking does not lead the list of today’s top IoT applications, the prospects for IoT-based financial transactions look good nevertheless – particularly in the payments segment. IoT is an emerging area, deemed the next evolution in banking and shopping convenience. The concept of ‘human-not-present’ transactions where IoT devices interact directly with payment systems is not far off and it will enable more personalised services, facilitate usage-based fees, and much more.

Stop fraud, not customers

As the array of digital channels grows, so does the need for security technology that can detect and prevent fraud in ways that are frictionless for customers. Adaptive authentication solutions leverage machine learning models to assess fraud risk based on contextual information such as device identification, IP address, user behaviour, and fraud intelligence (eg mule accounts). Its nonintrusive nature, flexibility, and ability to manage fraud risk across multiple channels makes adaptive authentication an ideal solution for FIs looking to deploy strong security to large customer populations.

Adaptive authentication technology can achieve fraud detection rates of 95% with minimal customer intervention and it allows for integration with numerous step-up authentication methods in the event of a high-risk scenario, including out of band SMS or email, biometrics, transaction signing, and more.

With so many channels for customers to interact, omnichannel fraud detection has become a hallmark of adaptive authentication. Back when ‘multiple channels’ at most meant a branch bank and an ATM network, this wasn’t so much an issue.
But today’s banking channels are also likely to include online banking, chat support, mobile banking, call centre, IVR, and third-party services, with more channels, such as IoT devices, on the way. In this environment, siloed operations are both ineffective and unsustainable.

Adaptive authentication allows operations to be carried out as a whole rather than an array of discrete parts. This eliminates the need to build and maintain a separate infrastructure (including separate point solutions for fraud detection and prevention) for every channel. Instead, all channels – both online and offline – can share knowledge and awareness of a customer’s interactions and lead to streamlined operations, a more secure banking environment, and a smoother customer experience.

About Daniel Cohen

Daniel Cohen is Head of Products for RSAs Fraud & Risk Intelligence Suite, including the Adaptive Authentication business lines, Web Threat Detection and FraudAction. In his role, Daniel is responsible for the strategic, long-term direction of the product portfolio, as well as overseeing short-term roadmap execution. Prior to joining RSA, Daniel spent over a decade in a privately-held business in a number of roles including product development and software engineering. Daniel holds two patents.

About RSA

RSA, a Dell Technologies business, offers business-driven security solutions that uniquely link business context with security incidents to help organisations manage digital risk and protect what matters most. RSA’s award-winning cybersecurity solutions are designed to effectively detect and respond to advanced attacks; manage user identities and access; and reduce business risk, fraud, and cybercrime. RSA protects millions of users around the world and helps more than 90% of the Fortune 500 companies thrive in an uncertain, high-risk world.