Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Banking

Posted By Gbaf News

Posted on October 3, 2018

Moving past the password: how banks can keep customer data safe

Andrius Sutas, CEO and co-founder of AimBrain 

In 2018, security is a more salient – and more challenging – issue than it’s ever been before.

For mobile banking alone, last year’s overall number of Trojan virus attacks was twice that of the year before, and a 17-fold increase on 2015’s. McAfee detected 16 million mobile malware infestations in Q3 2017 alone: double that of Q3 2016.

Mobile enables new products, superior segmentation, remote onboarding, and a host of other benefits, but unfortunately, these advances extract a price from banks and financial services institutions. With every new tool comes a number of new attack vectors for criminals to exploit: new opportunities to coerce, dupe, and violate in pursuit of data, money, or simple mischief.

To defend themselves and their customers against these malicious forces, banks have largely focused on verifying devices, rather than people – using passwords and biometric authentication. These approaches have, however, addressed the symptoms rather than the disease. Without verifying the person, authenticity is never fully assured: if credentials can be acquired with an educated guess, a dash of plausible-sounding charm, or even interception, those credentials are not secure. Enterprises that continue to rely on passwords will be at the mercy of their considerable weaknesses.

So how can banks and financial services organisations safeguard customer data – without risking noncompliance with the law, or compromising the freedom and flexibility provided by new technology?

Banking on biometrics

For today’s and tomorrow’s challenges, the best solution is to add additional layers of security. This is achieved most easily and effectively with biometrics, which assure the authenticity of the user, instead of the device used.

A person’s face, fingerprint, or voice is an effective means of verification because it is not easily duplicated and it is not a secret that can be teased out. Anyone can find out anyone’s mother’s maiden name; it’s somewhat harder to steal their face.

This isn’t to say that biometric authentication is flawless: some less sophisticated gateways can be beaten with a video, or a voice recording. But good security is about layers: it shouldn’t matter if it is theoretically possible for a hacker to beat one level of a KYC check, because they will ideally have to also beat layers two, three, and so forth. Passwords don’t work because if a hacker has it, then they have it – and they only had to overcome one challenge for the privilege.

But which challenges can banks add for those with malign intent?

Passive bot detection

 Prevention, as they say, is the best cure. Passive bot detection allows banks to feed industry or institution-specific fraud data into a passive anomaly detection module – alerting organisations to the earliest signs of suspicious behaviours. Though it’s used largely for bots, it can also detect troubling behaviours from manual (i.e. human) users, and from as early as the onboarding stage.

Multiple biometrics

Why create an obstacle for hackers when you can create an obstacle course? Multiple biometrics allows you to combine and layer challenges for hackers, including voice, face, bot detection, and behavioural analysis – creating unique systems comprised of ‘step-up/step-down’ security rules and weightings on particular outcomes. The yes/no dichotomy of passwords is replaced with a complex, evolving, in-session risk-based assessment that can discern user authenticity on an ongoing basis.

AimBrain’sAimFace/LipSync solution is one example of a multiple biometrics-based solution: it combines facial authentication with a voice challenge and lip synchronisation analysis. Customers can enrol or access their account by simply taking a selfie and reading a randomised number. If it sounds straightforward, it is – and it’s impossible to spoof using any method available as of this writing.

Simple, yet smart

Finally, simple and smart tests can be combined using the latest anti-spoof and liveliness detection tools – merging simple user challenges with time-sensitive outcomes built on a foundation of artificial intelligence. Facial authentication, for example, can be combined with in-session audio prompts. It’s secure, it’s straightforward, and it highlights the principal benefit of biometrics: they’re right there, in plain sight – and with technology, can be completely useless to cyber criminals.

Secrets are fragile and dangerous: they’re there to be guessed or stolen, and in 2018, are no means of protecting customers or institutions. A modern bank can’t fully contend with fraud until it learns to anticipate it. A true biometrics partner can help an institution do just that: moving beyond the password and toward a future where the customers themselves – instead of their devices – are the best defence against attacks on their data and assets.

AimBrain is a BIDaaS (Biometric Identity as-a-Service) platform for global B2C and B2B2C organisations that need to be sure that their users are who they say they are.

Recommended for you

  • Risk Assessment Models for SME Lending in Banking

  • Statistical Models for Cash Flow Forecasting and Liquidity Management for SMEs in Banking

  • Data-Driven Financial Health Monitoring for SMEs in Banking