We live in unprecedented times. Criminals now know more about the identity of a bank’s customers than the bank.
Due to vast amounts of data available to criminals and their clever ability to masquerade as and manipulate their victims, FIs find it increasingly difficult to trust that their clients truly are who they say they are.
Trust Damaged by Access to Personal Dataearly a billion identities have been exposed since the beginning of 2013. Around the world, 1,355 records are stolen every minute. And criminals are using their detailed knowledge of account holder and bank employee identities to commit fraud.
We all see the news about new strains of malware, data breaches, credential compromises and new fraud tactics one at a time. But they are additive. When taken together, including what people willingly share on social networks and additional data gathered through social engineering, criminals have an unprecedented amount of data about account holders and employees.
Trust is further eroded by victims being tricked or manipulated into doing something that benefits the fraudster. Recent examples include criminals using compromised business email account to submit fake vendor invoices that fool AP staff into paying them, and compromising a CFO’s email account and using it to ask the controller to send a wire to the fraudster’s account.
As a result of this loss of trust, many financial institutions hold back on capabilities because of concerns over trust and security, scaling back the speed and depth of products and services they offer, how big of an audience is allowed to use certain capabilities, and the overall service levels being offered.
Institutions’ Unique Advantage Over Criminals – Behavior
This isn’t an authentication problem, or a device problem, or a manual review problem. These measures have been defeated and simply doing more of the same won’t prevent fraud nor solve the trust issue. Financial institutions need a different approach to validating that users are who they say they are and their actions are not being driven by criminal manipulation.
While criminals may have identity information as a weapon, FIs have an something much more powerful – a rich account holder history of interactions with the institution. Account holder behavior is an FI’s greatest asset in their fight to prevent fraud.
By using behavioral analytics to detect suspicious activity, FIs will once again know when a user is legitimate (and engaged in legitimate activity) and not an imposter. FIs will regain control over trust because while fraudsters can worm their way past any authentication control, they can’t mimic the behavior of the legitimate user.
Unprecedented times call for new solutions. A recent Aite Group study found that 79% of the financial institutions interviewed have one or more behavioral analytics solutions already in place, with another 10% in the pilot phase. FIs using behavioral analytics can prevent banking fraud and mitigate the risks associated with expanded services, turning this data-induced identity crisis into improved competitiveness and customer loyalty.