Behavioral biometrics offer a solution to the tricky problem of how best to protect members from scams while avoiding the inconvenience and frustration of false positives.
Volumes have been written about improving the digital banking experience for consumers. Many retail banks and credit unions have stepped up to the challenge, but the COVID-19 pandemic has been instrumental in shining a light on potential shortcomings. For example, in a Q4 2020 survey among 260 community-based financial institution executives, CUES strategic partner Cornerstone Advisors found that only 5% had completed their digital transformation plan in 2019, while none had done so in 2020.
While financial institutions are struggling to improve the digital experience, they are also faced with an onslaught of bad actors scamming their customers. These fraudsters are often several steps ahead in finding new ways to steal, and the existing protections that credit unions have adopted to mitigate fraud only go so far. After countless data breaches that have exposed hundreds of millions of individuals in 2021 alone, usernames and passwords can be purchased on the dark web for pennies on the dollar.
Even two-factor authentication can be sidestepped by the most enterprising of cybercriminals. It’s no wonder then that RAT (remote account takeover) fraud increased by a staggering 282% between 2019 and 2020. Even if they don’t know what it’s called, many consumers are surely familiar with this increasingly common kind of scam.
In its most popular forms, criminals falsely claim to be someone from the credit union or card company. Through lies and manipulation, they convince their victims to follow instructions that ultimately give them control over or remote access to members’ devices, often in the name of “verification purposes” or to assist the user with logging in.
At that point, it’s game over.
Once a fraudster has gained remote access to a member’s computer, they can view everything their victims are typing—including login details and responses to security questions. After that, it’s just a matter of time before the fraudster empties the account and the victim’s money becomes virtually impossible to track down.
Protecting Members Against Fraud
So, what steps can financial institutions take to mitigate RAT scams and other forms of increasingly complex and hard-to-detect fraudulent activity without completely destroying the member experience?
It’s possible to create sophisticated data models that identify fraudsters based on global patterns in web and app activity, like time spent on specific web pages or device location. But these models tend to break down as resourceful fraudsters devise workarounds, creating ongoing work for fraud analytics teams. And these models tend to generate a significant volume of false positives, much to the ire of legitimate users who may feel they’ve been unfairly (and inconveniently) locked out of their accounts.
Behavioral biometrics offer a viable solution to this problem. By creating an ethically compliant record of normal, hard-to-fake digital behavior that is constantly re-verified each time a member logs on, credit unions can limit false positives and allow for real-time fraud prevention. For example, common behavioral biometrics may include the way in which consumers swipe on their devices, how they hold their devices, specific keystroke and device movements and more. Using this data, credit unions can understand when digital patterns diverge from past behavior—potentially indicating a compromised account—and take immediate action to stop fraudulent activity dead in its tracks.
In a world where millions fall victim to scams each year, the beauty of behavioral biometrics is that it offers an additional layer of security that’s personalized to each user. The result is a much more frictionless member experience that can undercut even the most sophisticated of scams.
Serpil Hall is head of financial crime at D4t4 Solutions Plc, London. Hall is a proven financial crime and fraud management professional with 20 years of commercial experience across many industries and sectors with deep expertise in fraud operations, fraud prevention systems, fraud biometrics and internal fraud controls. She has worked with some of the world’s largest global banks, airlines and merchants on strategic and tactical improvements to greatly reduce both internal and external fraud.