According to the latest Financial Institutions Security Risks survey, 24% of banks worldwide struggle with the identification of their customers when delivering digital and online banking services. As more than half of banks (59%) anticipate growing financial losses due to fraud in the next three years, the verification of a user’s identity should be taking central stage in the cybersecurity strategies of financial institutions, Kaspersky Lab warns.
With the rise of online and mobile banking, customers are not only becoming victims of financial fraud, but also a major entry point for attacks on banks’ digital channels.
According to the research, in 2016, 30% of banks have had security incidents affecting banking services delivered via the Internet — with phishing against customers, and using customer credentials for fraudulent activities, as the top contributing factor leading to the attacks.
Banks find themselves in need of security technologies that do not undermine the customer experience: 38% of the organizations surveyed confirm that balancing prevention techniques and customer convenience is one of their specific concerns.
“While thinking of different approaches to secure digital and mobile channels, banks naturally avoid putting too much pressure on customers. Online banking should preserve its main benefits: as a convenient way of making financial transactions in seconds. That is why we are working on technologies that help to protect both banks and their customers without adding an extra security routine to the user’s experience,” said Alexander Ermakovich, head of fraud prevention at Kaspersky Lab.
In addition to two-factor authentication and other security procedures used by banks, Kaspersky Lab recommends implementing dedicated solutions that can help to identify whether a person is authorized, without requiring additional actions from the user.
The Kaspersky Fraud Prevention platform accumulates and analyzes user behavior, device, environment and session information as anonymized and depersonalized big data in the cloud. Risk Based Authentication (RBA) assesses possible risks before a user’s login, while Continuous Session Anomaly Detection identifies account takeover, money laundering, automated tools or any suspicious processes during the session.
As a result, the platform provides protection not only at the stage of login, but also during the session itself, while customers do not have extra authorization stages to pass through.
