To Step Up or Not to Step Up: Reducing Friction with Continuous Authentication

Jun. 25, 2018 | by BioCatch

Nothing is more frustrating to consumers than having to re-authenticate an account in the middle of a transaction. Traveling and need to make a purchase from a new location? Shopping online from a different device? These legitimate transactions are often flagged for fraud and require customers to complete step-up authentication, adding yet another unnecessary step in their online shopping journey.

A false decline scenario could go something like this:

You’re the CFO of a major company. You've just landed in Prague and realize you need to complete a quick money transfer. But when you log in on your smartphone, you’re stopped short. Because you have a new IP/location, your transaction is blocked until you call in to verify your identity.

That’s frustrating enough.

When you call the call center, you’re put on hold for 20 minutes, and then go through a number of verification questions. A simple money transfer just became a major headache.

Or, say you’re on vacation and remember you need to buy a birthday present. You head to your favorite online retailer, but your transaction doesn’t go through because you’re in a new location. To make your purchase, you’ll have to re-verify your account. What’s easier, re-verifying your account or forgetting about this purchase altogether and just deciding to give the person cash when you get back home? You tell me.

Most consumers will say "forget it" when it comes to extra hassle in their online shopping experience, leading to frustrated shoppers and lost sales. More than four out of ten consumers said experiencing a false decline would drive them to leave their banking institution altogether. In 2016, false declines cost e-commerce companies an estimated $8.6 billion, in part due to high cart abandonment rates.

Consumers want security, but they don’t want to have to constantly re-verify their identity through step-up authentication, like talking to a call center or entering a PIN or temporary code.

Step-ups should occur if, and only if, a session appears to have been hijacked by a cybercriminal. Traditional authentication measures can’t deliver on that customer experience ideal, and they’re also failing at keeping cybercriminals out. Security and consumer experience demand an authentication solution that runs passively in the background, at all times, to detect fraudulent activity.

Risk-Based Continuous Authentication Solutions

Continuous authentication using behavioral biometrics lets companies make smart decisions about when to introduce step-up authentication, leading to seamless customer experiences and fewer false declines.

Instead of relying on static information, like IP detection, device ID, passwords, and PINs, continuous authentication looks at a user’s individual behavior to verify their identity.

From login to logout, continuous authentication works in the background of a session to monitor users for over 2000 behavioral parameters. From hand-eye coordination to pressure, hand tremors, and scrolling, continuous authentication solutions build user profiles based on their interaction with a device. It works because everyone’s behavior, including fraudsters’, is unique.

Think of behavioral biometrics as an authentication express lane. Behavioral biometrics rely on previous authentication to verify users in the moment, based on their established user profile. Customers don't notice it because it relies on their actions, not location, PINs, or passwords. Even without a user profile, behavioral biometrics can differentiate activity that is symptomatic of typical fraudulent behaviors from legitimate activity.

This keeps the process smooth for consumers by only asking for step-up authentication when risk is determined to be high. Otherwise, a user’s unique behavior verifies their identity, without asking anything more of them.

So if you’re that CFO just touching down in Prague or that forgetful gift-giver lounging on the beach, your new location won’t be a problem. Instead, your behavior will be monitored within the mobile banking app to verify the transaction.

Continuous authentication in action would look like this:

  1. The user navigates within the app to start the transaction, enters the transfer amount and types in a memo.
  2. Behavioral biometrics monitors these actions to identify the user.
  3. If the behavior (how the user types, swipes and taps) matches the user profile, the transaction will go through.
  4. If an imposter attempts to make the same transaction, they’ll be stopped short by a request for step-up authentication.
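
The four steps above can be sketched as a small decision function. This is an added illustration, not BioCatch's method or code: the three features, the z-score scoring, the thresholds and the no-profile fallback are all assumptions, and the sample sessions are constructed.

```python
from statistics import mean, stdev

FEATURES = ("key_interval_ms", "key_dwell_ms", "swipe_px_per_s")  # assumed feature set
MIN_SESSIONS = 3   # assumed minimum history before a profile is trusted
THRESHOLD = 2.5    # assumed cutoff on the mean absolute z-score

def build_profile(sessions):
    """Per-feature (mean, stddev) over a user's past authenticated sessions."""
    if len(sessions) < MIN_SESSIONS:
        return None
    profile = {}
    for f in FEATURES:
        values = [s[f] for s in sessions]
        # Floor the spread so a very consistent user does not yield huge z-scores.
        profile[f] = (mean(values), max(stdev(values), 0.05 * mean(values)))
    return profile

def risk_score(profile, session):
    """Mean absolute z-score of the session's features against the profile."""
    return mean(abs(session[f] - mu) / sd for f, (mu, sd) in profile.items())

def decide(profile, session):
    """Return 'allow' or 'step_up'; session['new_location'] is deliberately not consulted."""
    if profile is None:
        return "step_up"  # assumption: no history, so fall back to explicit verification
    return "allow" if risk_score(profile, session) <= THRESHOLD else "step_up"

# Constructed sample data (not real measurements).
HISTORY = [
    {"key_interval_ms": 182, "key_dwell_ms": 95, "swipe_px_per_s": 1210},
    {"key_interval_ms": 176, "key_dwell_ms": 101, "swipe_px_per_s": 1180},
    {"key_interval_ms": 190, "key_dwell_ms": 98, "swipe_px_per_s": 1250},
    {"key_interval_ms": 185, "key_dwell_ms": 97, "swipe_px_per_s": 1195},
]
OWNER_ABROAD = {"key_interval_ms": 188, "key_dwell_ms": 99,
                "swipe_px_per_s": 1225, "new_location": True}
IMPOSTER_HOME = {"key_interval_ms": 95, "key_dwell_ms": 60,
                 "swipe_px_per_s": 2100, "new_location": False}

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for name, s in (("owner abroad", OWNER_ABROAD), ("imposter", IMPOSTER_HOME)):
        print(name, round(risk_score(profile, s), 2), decide(profile, s))
```

The account owner in a new location is allowed because the typing and swiping match the profile, while the imposter at the usual location is sent to step-up.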

Basing authentication on behavior means fewer false fraud alarms and the ability to reserve step-up authentication only for those high-risk situations. Customers can travel, shop, and bank with ease and peace of mind, and retailers and financial institutions can stop losing business to unnecessary interruptions.

Harmonizing customer experience and fraud prevention is possible.