Tech Time: Know Your Member

With the drastic technology-led changes transforming financial services, industry decisionmakers have good reason to be data obsessed: The competition requires it. Everyone from bulge bracket banks to fintech startups are delivering data-driven solutions over digital channels. While this has led to improved efficiency and facilitated game-changing innovations across the industry, it has created challenges too.

The IT infrastructure required to support these changes is only growing more complex and costly. Seventy-four percent of respondents to a recent Harvard Business Review survey say IT environments will become significantly more complex at their organization within the next 18 months. On top of that, regulators are demanding access and introducing policies to govern how firms collect and protect these new data streams. Most critically, there is a growing host of cybercriminals looking to take advantage of the surge in traffic to these new digital channels.

Growing Risk in a Data-Driven World

As the pandemic encouraged the adoption of online service models, it also provoked cyberattack activity. According to Neustar’s Cyber Threats & Trends Report: First Half 2020, there were 2.5 times as many attacks in the first half of 2020 as the same period in 2019, and the volume and intensity of attacks also increased year over year. Financial institutions face a staggering array of daily raids from bots and bad actors intent on enriching themselves. This happens through illicit account registrations, fraudulent transactions and malicious malware.

The growing number of bot attacks is a major security concern. A 171% year-over-year growth in bot-based account creation attacks is just one example this rising activity. Bots are used in a range of fraud strategies, from the online equivalent of simply trying the doorknob to highly sophisticated efforts that involve impersonating actual members.

The overall threat is massive. Losses to online fraud are growing even more quickly than digital commerce itself. It’s estimated that the average cost of cybercrime per financial firm was $18.5 million in 2019; that figure has only grown in 2020.

Turning Members Away

The only thing that’s more expensive? The cost of prevention. Challenges and false declines cost credit unions more than the fraud they’re designed to prevent. Experts estimate that between 30% and 70% percent of all declined purchases are actually legitimate. Nothing frustrates a consumer more than a lack of trust from the organization responsible for their finances.

To be successful, IT teams are tasked with examining every incoming attempt to access a site or service. This means monitoring for any indications that it may be malicious or that the “user” may be some type of bot. The goal is to prevent bad actors from registering in the first place or from authenticating if they have previously registered. At the same time, IT teams have to make the experience as frictionless as possible to keep actual members or prospects from choosing a competitor’s offering.

These challenges are coming at a time when traffic to credit unions’ online channels has never been higher. Members also expect access from all their devices. This year, 90% of users will make a mobile payment with their smartphone.

Know Your Enemy—And Your Member

In this new data-driven environment, the key is to have data-driven intelligence on who is accessing your digital channels. Instant insights into your organization’s traffic and infrastructure—at scale—is now a requirement. It can be used for offense (to strengthen the member journey and relationship) and for defense (to protect critical enterprise assets, from networks to services). The cornerstone to this approach is IP geolocation data.

IP geolocation decisioning data enables IT teams to accurately determine where a user’s IP address is located—for example, where in the world a device is trying to log into online banking—and whether it is being used by a human or a bot, which can help prevent false positives while providing your members with the safe and seamless experience they expect.

Leveraging this data is not something new for many IT departments. In fact, advanced organizations have been using IP geolocation for years. However, while IPv6 (Internet Protocol Version 6) is much more efficient and secure, it has become far more complex to deploy since the space required for 128-bit IPv6 addresses is roughly 10 billion times larger than its 32-bit IPv4 predecessor. But the now 20-year-old IPv6 technology has been improved by modern analytics to give provide insight into 99% of all allocated IPv6 addresses. That information allows organizations to make informed estimates of the city, ZIP code, state and country where the current device associated with that IP address is located.

Identity-Empowered Digital Services

IP geolocation insights enable financial services firms to make informed decisions about how—or whether—to handle each visitor from the moment they engage. This goes beyond just identifying bad actors and bots. With geotargeted decisioning data, determining the location of a new prospect, as well as returning members, is possible at each access point. This allows for seamless security at every point of member interaction, from registration to checkout to post-sales support.
 
Geolocated identification also offers ZIP code-level assignments to users, which can be used to streamline the member journey. Features like having web applications to improve their default selections based on location make the user experience more cohesive, especially when connecting the online world with offline brick and mortar branches, stores and ATMs. It ensures the right content is delivered at the right time without subjecting members and prospects to endless authentication checks.

Location intelligence even has a role in helping credit unions track user location for compliance and response. The result is a secure and compliant organization that delivers localized content across its most important channels.

With the right data to determine location and associated risk levels, credit unions can quickly make informed decisions around network security, fraud mitigation and threat detection, dramatically improving the member experience.

Brian McCann joined Neustar in October 2019 as EVP and president of security solutions. He is responsible for the vision, strategy, operations and stakeholder satisfaction of the company's cloud-based and data-driven security solutions business, including Neustar’s industry-leading application security, DNS, security intelligence and website performance management offerings. Brian has more than 25 years of executive leadership experience in high-growth security and technology businesses.