Why is risk management key to digital banking?

As more and more consumers turn to digital banking, they expect to be able to onboard and access financial institutions (FIs) and seamlessly manage their finances on any connected device.

Wherever they are.

Financial institutions face a dramatic increase in sophisticated and complex cyberattacks

Fraudsters and hackers are continuously challenging the security measures put in place by FIs to protect their customers' sensitive data.

For example, according to Fraud – The Facts 2020 report from UK Finance, even though FIs in the UK do a pretty good job and prevent about 60% of all attempted fraud, it still poses a significant threat and causes big losses. In fact, mobile banking fraud losses in the UK have increased rapidly and grew by 92% in 2019.

This trend means that risk management strategies and authentication policies have to adapt and be more automated to cope with an increased number of connections, the creativity of fraudsters, plus all the new regulations.

FIs need to use multiple techniques to monitor each risk and cyber attack, but implementing these can be a real challenge with several vendors involved. 

 

Risk management to establish trust.

Risk management to establish trust

Gemalto IdCloud risk management services are used for identity affirmation and risk-based authentication (RBA) and harness the power of four layers of intelligence.

Each layer transparently analyses user and environment activities from different perspectives to identify high risks before any harm is done.

Together, they create a dynamic profile of each event, giving you the confidence that you are identifying ‘good’ consumers based on their online interactions.

The Device intelligence is the first level.

  • It allows you to identify recurring devices accurately, detect high-risk networks and locations and spot device anomalies that indicate fraudulent activity.

At the second level, behavioural biometrics looks at inherent user behaviour and analyses how someone types, moves their mouse or holds their device to create an individual profile.

  • This profile is used for future sessions to detect account takeover or social engineering fraud. Typing patterns usually differ when a fraudster coaches a victim to make a transaction.
  • During onboarding, it can even be used to compare each individual with a population profile to detect fraudulent users or distinguish between humans and bots.

The third level, behavioural analytics, analyses user habits at individual and population levels to detect unusual behaviour.

  • For instance, it checks what time of day users access bank services, from which locations and using which devices, and flags up out-of-the-ordinary transactions.

In the fourth level, the Trust consortium evaluates billions of events to help you know who to trust, even if they are new to you.

  • It gathers anonymised and encrypted insights from online events across our clients. A warning will be issued if an IP or device ID is linked to past fraud.

The result?

These intelligence layers create a dynamic profile of each event that protects customers and businesses.

By combining risk-based authentication (RBA) with strong customer authentication (SCA), you enhance the user experience (UX) and security for all digital banking use cases.

 

 

Enhanced onboarding with risk management

By adding identity affirmation, you can strengthen your identity proofing process security.

It applies risk management technologies to analyse the environment and user behaviour to detect suspicious activities.

The goal is to prevent ID fraud during digital onboarding, but identity affirmation can also lower total cost of ownership by avoiding additional checks and abandoning high-risk enrolments at an early stage.

The best way to combat new account fraud is with a holistic, multi-layered approach to security.

Using risk management technologies and learning to recognise your standard user’s normal online interactions compared with known legitimate customer behaviour and known fraudster behaviour, it is possible to weed out criminals in real-time.

Read more about our services for digital onboarding.

 

 

Enhanced access with risk management

By adding smart risk management services to the access phase, the risk level of every single customer transaction is analysed, and a recommendation on the most appropriate authentication method is given.

This helps to make the right choice to minimise risk and prevent account takeover fraud: allow the transaction, block the transaction or challenge the customer with a step-up authentication.

In this way, FIs can define a risk-based authentication (RBA) policy based on customer segmentation, customer preference, use cases and their own parameters.

All running unobtrusively in the background to provide the best end-user experience.

Read more about our services for digital banking access.

 

Seek products and services that enable continuous adaptive access as a resilient response to advanced threats and improve UX.

Gartner "Market Guide for User Authentication," Ant Allan, et al., 26 June 2020
 

 

Risk management

 

 

Benefits  of risk-based authentication (RBA)

Benefits of risk-based authentication(RBA)

 

Comply with the latest security regulations

Gemalto IdCloud’s risk management services are the perfect answer to the new security requirements of regulations such as PSD2 and FFIEC. It offers real-time monitoring of the authentication and transaction process risk, as required in the regulatory technical standards (RTSs) of PSD2.

 
Complex security policies can be defined, based on the level of risk, the type of transaction and the user profile, as recommended by FFIEC. It also helps you meet the requirement for stronger fraud prevention to fight the increasing number of cyber-attacks and growing levels of fraud.

Data privacy regulations such as GDPR in Europe and CCPA in the US are becoming ever more stringent. These can be a real challenge to comply with if data has to be processed by several different vendors for risk assessment.

Gemalto IdCloud has been designed for GDPR and CCPA compliance.

 

 

One cloud platform to secure onboarding and access to digital banking 

Our cloud-based managed services enable FIs to combine identity proofing and strong customer authentication to secure onboarding and digital banking access.

You can further increase security by adding risk management and enhance the customer experience with identity affirmation and risk-based authentication.

With one single platform. 

 

More resources

Documents

Gemalto IdCloud

Thales Gemalto IdCloud

One cloud platform to secure the digital banking journey

Gemalto IdCloud [PDF - 1mb]
fs-wp-psd2-vol-8.png

Risk management in the context of PSD2 and EBA’s RTS

Banks around Europe are facing the challenge of implementing the revised Payment Services Directive (PSD2) and, in practice, its related Regulatory Technical Standards (RTS).

Download the whitepaper

Get in touch with us

For more information regarding our services and solutions contact one of our sales representatives. We have agents worldwide that are available to help with your digital security needs. Fill out our contact form and one of our representatives will be in touch to discuss how we can assist you.

Please note we do not sell any products nor offer support directly to end users. If you have questions regarding one of our products provided by e.g. your bank or government, then please contact them for advice first.