In recent years, a growing number of organizations have employed two-factor authentication (2FA) as a primary safeguard mechanism. They all share the notion that requiring a second security layer will be instrumental in reducing data breaches and identity theft. Two-factor authentication is based on the fundamental assumption that at least two out of three authentication factors are used in the process (“something you know, something you have, something you are”). 2FA is not a new security measure, nevertheless, it is in extensive use, despite the growing recognition that it is not so effective.
As account opening continues to transition from physical to digital channels, financial institutions, issuers, lenders, and other organizations must optimize the digital experience of applicants in order to compete. At the same time, fraud is on the rise as criminals have become more successful than ever, thanks to some of the same digital channel benefits enjoyed by consumers: convenience, speed, and ease of use. To achieve the necessary balance between preventing fraud and providing a delightful experience for consumers, an approach to identity proofing that accounts for the channel, product, customer, and threat environment is absolutely critical. But regardless of the approach, inconspicuous solutions — like those based on applicant behavior — have a distinct role to play in how institutions manage the risk of application fraud.
The widespread digitization of financial services is causing large-scale and sweeping transformations across various facets of the business, creating new growth opportunities but also new challenges and inherent risk. In the insurance sector, particularly, digital transformation is driven by new competitive threats, ongoing cost pressures, aging technology and increasing regulatory requirements. Put all together, there is a huge opportunity to modernize, to create new business models, acquire customers on new channels and create competitive and compelling customer experiences.
Cyber-psychology is an emerging research program which examines individuals in the context of human–technology interactions. As a developing field, cyber-psychology relates to several psychological phenomena associated with or affected by technological applications and use. Essentially, research topics include human–computer interaction: computer graphics, operating systems, programming languages, communication theory, graphic and industrial design disciplines, linguistics, social sciences, cognitive psychology, and human performance. While some researchers emphasize the computer in computer–human interaction, a defining characteristic of cyber-psychology is that the human takes precedence over the computer.
With the rapid growth in the scope, sophistication, and variety of online fraud and cyber-crime, new approaches are required for fraud detection and user verification. Behavioral biometrics has been getting a lot of attention lately as being able to uniquely address the challenges posed by social engineering, account takeovers and malware. By looking at the way people scroll, type, toggle between fields and use shortcuts, behavioral biometrics can help determine the authenticity of a user, not just which device or password was used to login.
According to the 2017 Identity Fraud Study released by Javelin Strategy & Research, in 2015, there were more than 1.5 million new account fraud victims that accounted for losses of $2.8 billion. This number increased by 40% in 2016, and there is no reason to believe that this trend is stopping anytime soon. In fact, some statistics show that new account fraud accounts for 20% of all fraud losses.
BioCatch is a cybersecurity company that delivers behavioral biometrics, analyzing human device interactions, to protect users and data. Banks and other enterprises use BioCatch to significantly reduce online fraud and protect against a variety of cyber threats, without compromising the user experience.
Remote Administration Tools (RATs) have a dual purpose. Their original objective was to allow IT personnel to remotely access computers connected to the network, so they can run troubleshooting or remote maintenance on the PC. Many people use remote access capabilities because it allows them to enter their far-away desktop and control it, just like they were sitting behind the keyboard themselves.
As mobile devices eclipse computers and laptops as the preferred method of going online, fraudsters have followed users, porting their modus operandi –account takeover, social engineering, and malware based remote control attacks – to the mobile arena. Mobile has opened up many new ways for users to communicate and connect without being tied to a desk or a power outlet – and at the same time, it has presented hackers with many more opportunities to perpetrate fraud and carry out attacks that cannot be detected with traditional tools used to detect attacks in web sites. As a result, companies need to apply new fraud controls to protect mobile users and enable them to carry out transactions, check bank accounts, make purchases, etc.