Thursday, October 26, 2017
The survey, conducted online, was geared for information security and financial services professionals. Primary areas of inquiry included the top forms of fraud afflicting financial organizations, biggest gaps in organizations' efforts to detect and prevent fraud, and how to counter the surge in mobile exploits while also preserving a frictionless customer experience. The 27-page report includes key statistics and emerging trends in device binding, machine learning and behavioral analytics, with additional analysis by Aite Group LLC and Gartner Inc. experts.
While 47 percent of survey respondents cited payment card fraud as a leading concern, 41 percent were concerned that new anti-fraud controls might impede the customer experience. However, 65 percent improved fraud detection and monitoring, using unobtrusive, automated data analysis and transaction monitoring software, report authors noted.
David Vergara, Head of Global Product Marketing at Vasco, said new, simplified security schemes are designed with consumers in mind. "Consumers demand a simple and secure banking and transaction experience across all channels," he noted. "Overly inconvenient authentication and transaction approval measures will often cause consumers to seek more user-friendly processes."
Vasco Chief Executive Officer Scott Clements added, "In the past, balancing security with implementation and ease of use often came with tradeoffs. New identity solutions that integrate multiple authentication technologies, such as those from Vasco, are changing this equation, enabling trust in identities, transactions and devices with no degradation of the user experience."
Julie Conroy, Aite Research Director, said financial institutions are deploying layered techniques to verify mobile device ownership, using a combination of deep device fingerprinting, public key infrastructure-based solutions and behavioral analytics. "Properly fortified, a well-protected mobile app can be used not just to protect transactions in the mobile channel, but that device can also then be used to enable security for other channels as well," she said.
Ideally, advanced security schemes combined with heightened consumer awareness provide the best protection from phishing and social engineering attacks, Vergara noted. "It can be difficult for a consumer to detect the difference between the real website and a fraudulent one," he said. "For example, when a user receives a message or instructions from a site that looks like their bank, many times they fail to question the authenticity of the message, and they can easily be preyed upon by cybercriminals." He went on to say that end-users control authorization decisions in most transaction processes, but in social engineering schemes like phishing, a hacker can convince the user to generate a signature and authorize a fraudulent transaction.
Avivah Litan, Vice President and Distinguished Analyst at Gartner, has seen an ongoing tug of war between business managers who want a frictionless customer experience and security managers who want strong security; however, she said these concepts are no longer mutually exclusive. Complicated security schemes only inconvenience the good guys and do not keep the bad guys out, she noted.
"Luckily, in my opinion, frictionless security also provides the strongest security," she stated in the report. "Frictionless by default means the user cannot easily 'see' the security measures, for example strong biometric authentication, since they run transparently in the background."
Litan suggested these advanced schemes will also be harder for criminals to detect because they can't be seen. "An unseen fraud control is much harder to map out for the purpose of circumventing it later," she said. "Of course, fraudsters can run test transactions through applications to try and ascertain their 'unseen' or transparent fraud logic, but this is difficult to do without getting caught."
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.