New account fraud continues to grow at a rapid pace, threatening new digital banking business models and fintech platforms such as Zelle, that are in a customer acquisition race. Convenience, speed and ease of use make digital the preferred channel for consumers, but also open the door for criminals. With 14.7 billion personal records stolen in the last 6 years and the proliferation of synthetic identities making it very difficult to tell the difference between a legitimate applicant and one that will result in loss, new models for identity verification are starting to emerge, with behavioral biometrics as a key component.
The newest report issued by the U.S. General Accounting Office (GAO), Federal Agencies Need to Strengthen Online Identity Verification Processes, calls for an overhaul and updated guidelines on identity proofing, highlighting the availability of data stolen in various data breaches over the years in the hands of attackers and fraudsters. Already, the National Institute of Standards and Technology (NIST) has issued guidance in 2017 that effectively prohibits agencies from using Knowledge-Based Authentication (KBA) methods for sensitive applications. Now, the GAO is going one step further, recommending that all agencies discontinue the use of KBA and highlights various alternatives for consideration. The outcome may have far-reaching implications not just for federal agencies but across the board for all private entities that conduct identity verification and authentication to provide digital products and services.
Identity is everything on the internet. Every authentication hurdle online users need to jump through, such as two-factor authentication and passwords, is aimed at one goal – verifying the identity of the user. Digital identity has never been as important as it is now and will only continue to grow in importance as digital transformation takes hold.
One-time passwords (OTP) remain one of the most widely used forms of two-factor authentication, despite their well-documented vulnerabilities. Earlier this year, a major UK bank was hit by an attack in which fraudsters diverted text messages from legitimate customers’ phones in order to bypass two-factor authentication and access accounts.
Vishing costs British banking customers millions of pounds every year and has become the fastest growing scam in the United Kingdom, but the risk is not limited to that country. In a typical vishing fraud case, the criminal dupes his/her victims into performing financial transactions. For example, a fraudster may call the victim disguised as a security official from his or her bank and, after establishing trust, coerce the victim into transferring funds from his or her account into the scammer’s account as a ‘security measure.’ This voice-based, social engineering crime is only growing in popularity and is set to cost banking customers even more money in the coming years.
2018 seemed a dismal year for cybersecurity and identity. Massive data breaches, new forms of malware and increasingly sophisticated social engineering attacks hit businesses and consumers at a steady pace. This pace does not seem to be slowing down. Can we expect any better in 2019?
The paradigm for identity risk management and authentication is changing. In the new paradigm, context and data available for a specific type of interaction must drive analytics. Instead of just looking for commonality, we need to make better use of data that is unique.
Fraudsters are ever-evolving and constantly discovering new methods of stealing money from institutions worldwide. The drive to digital transformation is providing new opportunities for fraudsters to exploit businesses and consumers remotely. The losses from cybercrime continue to rise year-after-year with the number of cyber incidents targeting businesses nearly doubling between 2016 and 2017 according to the Online Trust Alliance. 2018 is not showing any reduction in these trends.
The world of payments is rapidly-changing. The rise of P2P payments in the U.S, Canada and Australia along with dramatic regulatory changes in Europe (PSD2), has created new opportunities across the ecosystem. New third-party payment providers (TPP's) in the EU and P2P apps in other regions are entering the arena by supporting the rapid rise in demand and associated adoption rates. Banks are enabling direct access to accounts via APIs. Consumers now get to pick which apps they use, how they want to pay, and when, making the user experience paramount to win their loyalty. At the same time, however, the speed and “openness” makes the ecosystem vulnerable to several types of threats including malware, social engineering, remote access Trojans, SIM swapping, call forwarding and other techniques. Using these techniques, the fraudsters are able to exploit various points of potential weakness: at the account creation stage, the bank account linking process and payment authentication.
As account opening continues to transition from physical to digital channels, financial institutions, issuers, lenders, and other organizations must optimize the digital experience of applicants in order to compete. At the same time, fraud is on the rise as criminals have become more successful than ever, thanks to some of the same digital channel benefits enjoyed by consumers: convenience, speed, and ease of use.
With account fraud rising and large amounts of personal information already compromised, financial institutions realize the shortcomings of basic passwords and OTPs and the need for biometric authentication to bolster security and enable a seamless user experience. However, many biometric platforms still use knowledge-based information to enroll customers, which makes it easy for hackers to create new accounts using personal identifying information.
On November 8, 2017 FindBiometrics and Money20/20 presented the live webcast, "The Evolution of Money and Biometrics." Reporting on the heels of Money20/20, FindBiomerics President Peter O'Neill reviewed the biggest FinTech biometrics news out of the world’s premier financial conference, before handing the presentation to Maxine Most, Principal, Acuity Market Intelligence, who presented her firm's latest guidance. Acuity’s research set the stage for a dynamic discussion of biometrics and identity in the financial space featuring expert panelists: Bianca Lopes, Chief Identity Officer, BioConnect; Frances Zelazny, VP Marketing, BioCatch; and Sanjib Kalita, Chief Marketing Officer, Money20/20.
There are many faces of fraud in the insurance market - using stolen identities to obtain a new policy - or just as troubling, an account takeover to make a false claim or change payee information to receive claim funds. And when fraud hits, it hurts everyone in the pool. In fact, according to the Federal Bureau of Investigation (FBI), annual losses related to insurance fraud is approximately $40 billion, costing the average American family $400-$700 in increased premiums each year.
BioCatch works with leading banks around the world and monitors more than 2 billion transactions per month. Join us as we provide a summary of fraudulent activity gathered via our behavioral biometrics platform in 2016, review the latest trends in online fraud and share some insights as to what 2017 will bring.
