Why is risk management key to digital banking?

As more and more consumers turn to digital banking, they expect to be able to onboard and access financial institutions (FIs) and seamlessly manage their finances on any connected device.

Wherever they are.

In parallel, financial institutions face a dramatic increase in the number of sophisticated and complex cyberattacks

Fraudsters and hackers are continuously challenging the security measures put in place by FIs to protect their customers' sensitive data.

For example, according to Fraud – The Facts 2020 report from UK Finance, even though FIs in the UK do a fairly good job and prevent about 60% of all attempted fraud, it still poses a significant threat and causes big losses. In fact mobile banking fraud losses in the UK have increased rapidly and grew by 92% in 2019.

This means that risk management strategies and authentication policies have to adapt and be more automated to cope with an increased number of connections, the creativity of fraudsters, plus all the new regulations.

FIs need to use multiple techniques to monitor each risk and cyber attack, but implementing these can be a real challenge with several vendors involved. 

 

Risk management to establish trust

Risk management to establish trust

Gemalto IdCloud risk management services are used for identity affirmation and risk-based authentication (RBA) and harness the power of four layers of intelligence. Each layer transparently analyses user and environment activities from different perspectives to identify high risk before any harm is done.

Together, they create a dynamic profile of each event, giving you the confidence that you are identifying ‘good’ consumers based on their online interactions.

Device intelligence allows you to accurately identify recurring devices, detect high-risk networks and locations and spot device anomalies which can indicate fraudulent activity.

Behavioural biometrics looks at inherent user behaviour and analyses how someone types, moves their mouse or holds their device to create an individual profile. This profile is used for future sessions to detect account takeover or social engineering fraud, since typing patterns usually differ when a fraudster is coaching a victim to make a transaction. It can even be used during onboarding to compare each individual with a population profile to detect potentially fraudulent users or distinguish between humans and bots.

Behavioural analytics analyses user habits at individual and population level to detect unusual behaviour. For instance, it checks what time of day users access bank services, from which locations and using which devices, and flags up any out-of-the-ordinary transactions.

Trust consortium evaluates billions of events to help you know who to trust, even if they are new to you, by gathering anonymised and encrypted insights from online events across our clients. A warning will be issued if an IP or device ID is linked to past fraud.

These intelligence layers create a dynamic profile of each event that protects customers and businesses. By combining risk-based authentication (RBA) with strong customer authentication (SCA) you enhance the user experience (UX) and security for all digital banking use cases.

 

 

Enhanced onboarding with risk management

By adding identity affirmation you can strengthen your identity proofing process security. It applies risk management technologies to analyse the environment and user behaviour to detect suspicious activities. The goal is to prevent ID fraud during digital onboarding, but identity affirmation can also lower total cost of ownership by avoiding additional checks and abandoning high-risk enrolments at an early stage.

The best way to combat new account fraud is with a holistic, multi-layered approach to security. By using risk management technologies and learning to recognise your standard user’s normal online interactions compared with both known legitimate customer behaviour and known fraudster behaviour, it is possible to weed out criminals in real time.

Read more about our services for digital onboarding

 

 

Enhanced access with risk management

By adding smart risk management services to the access phase, the risk level of every single customer transaction is analysed and a recommendation on the most appropriate authentication method is given. This helps to make the right choice to minimise risk and prevent account takeover fraud: allow the transaction, block the transaction or challenge the customer with a step-up authentication. In this way FIs can define a risk-based authentication (RBA) policy based on customer segmentation, customer preference, use cases and their own parameters. All running unobtrusively in the background to provide the best end-user experience.

Read more about our services for digital banking access

 

Seek products and services that enable continuous adaptive access as a resilient response to advanced threats and improve UX.

Gartner "Market Guide for User Authentication," Ant Allan, et al., 26 June 2020
 

 

Risk management

 

 

Benefits  of risk- based authentication (RBA)

Benefits of risk-based authentication(RBA)

 

Comply with the latest security regulations

Gemalto IdCloud’s risk management services are the perfect answer to the new security requirements of regulations such as PSD2 and FFIEC. It offers real-time monitoring of the authentication and transaction process risk, as required in the regulatory technical standards (RTSs) of PSD2.

 
Complex security policies can be defined, based on the level of risk, the type of transaction and the user profile, as recommended by FFIEC. It also helps you to meet the requirement for stronger fraud prevention to fight the increasing number of cyber attacks and growing levels of fraud.

Data privacy regulations such as GDPR in Europe and CCPA in the US are becoming ever more stringent. These can be a real challenge to comply with if data has to be processed by several different vendors for risk assessment. Gemalto IdCloud has been designed for GDPR and CCPA compliance.

 

 

One cloud platform to secure onboarding and access to digital banking 

Our cloud-based managed services enable FIs to combine identity proofing and strong customer authentication to provide secure onboarding and access to digital banking. By adding risk management you can further increase security and enhance the customer experience with identity affirmation and risk-based authentication. With one single platform. 

 

More resources

Documents

Gemalto IdCloud

Thales Gemalto IdCloud

One cloud platform to secure the digital banking journey

Gemalto IdCloud [PDF - 1mb]
fs-IdCloud-KYC.png July 2021

Thales Gemalto IdCloud for Onboarding

Cloud based solution to secure onboarding to digital banking services

Gemalto IdCloud KYC [PDF - 2.4mb]
fs-IdCloud-authentication.png

Thales Gemalto IdCloud for Access

Cloud based strong customer authentication and flexible risk management to secure access to digital banking services

Gemalto IdCloud for Access [PDF - 2 mb]
fs-wp-psd2-vol-8.png

Risk management in the context of PSD2 and EBA’s RTS

Banks around Europe are facing the challenge of implementing the revised Payment Services Directive (PSD2) and, in practice, its related Regulatory Technical Standards (RTS).

Download the whitepaper

Get in touch with us

For more information regarding our services and solutions contact one of our sales representatives. We have agents worldwide that are available to help with your digital security needs. Fill out our contact form and one of our representatives will be in touch to discuss how we can assist you.

Please note we do not sell any products nor offer support directly to end users. If you have questions regarding one of our products provided by e.g. your bank or government, then please contact them for advice first.