By Avi Turgeman, Founder and CTO of BioCatch™
In today’s globalized world, many travel for business as companies often have offices scattered across the globe. To conduct business smoothly, efficiently and conveniently, both at home and abroad, people have become increasingly reliant on their mobile devices to take care of transactions when on the go. However, while online and mobile banking are rapidly overtaking traditional on-site and telephone services, there are still strict limitations to what mobile can do. And this is a real problem.
As I am based in Boston and travel every few months to our research and development center in Tel Aviv for meetings, I rely on my mobile phone quite extensively when abroad. A few months ago while traveling to Israel, I received a phone call from my wife telling me that she had found us a great new apartment—however, in order to secure it, I needed to transfer a down payment to the realtor. I took out my mobile to quickly complete the money transfer, but soon enough realized that I was unable to transfer the large sum required. My transaction was simply “too risky”. On the go, and without my computer, I suggested my wife use my credentials to log in from home, resulting in an entirely different fiasco requiring security codes, and more security codes. In the end, as a result of this online banking debacle, we lost the apartment; an experience to which I am sure others can relate.
While mobile-banking technology has improved as customers have demanded more out of their mobile-banking apps, current mobile-banking applications allow only simple transactions: viewing balances, making small transfers and requesting withdrawals. However, riskier features, such as adding new payees or transferring large amounts of money (such as a down payment), have not been made possible due to major concerns about security.
Banks have worked hard to reduce the number of account hacks and amount of fraudulent activity, but so far the measures that have been implemented come at the expense of ease of use. In fact, one of the biggest problems customers actually face lies with user friction. Most banks try to keep customer accounts secure from breaches by requiring their customers to remember multiple passwords, answer numerous security questions or provide one-time SMS (Short Message Service) verification codes, making the overall experience of online and mobile banking inconvenient.
Trendy biometric methods such as fingerprint authentication may seem like a good answer, but they are not the security panacea they are cracked up to be, and the recent OPM (Office of Personnel Management) hack is an example of that. All it takes is one compromised fingerprint reader to record your fingerprint, and suddenly your fingerprint is no longer secure. You can change your password if someone finds it, but you can’t do the same with your fingerprint.
Fortunately, there’s more that can be done to improve the online and mobile-banking experience, creating less friction for users while providing the utmost level of security. Simply put, the answer is behavioral biometrics-based authentication.
How does it work?
Behavioral biometrics works behind the scenes, transparently authenticating users in web, cloud and mobile apps, by verifying that current session behavior matches an established user profile created from previous activity. This is based on a number of physiological factors, such as palm size and press size, as well as cognitive traits, such as usage preferences and device interaction patterns, in addition to device and network factors, such as device ID and geolocation.
BioCatch™ recently received two patents for behavioral biometrics authentication. The first, “Method and device for confirming computer end-user identity”, was granted for its “invisible challenges”, or hidden tests that can evaluate a user’s personal responses to a variety of on-screen cues. By processing all of these factors, BioCatch identifies a unique cognitive signature that cannot be imitated, lost or stolen.
The second patent, “System, device, and method of detecting identity of a user of a mobile electronic device”, granted in February 2015, is device-based, allowing for the use of touch and the phone’s accelerometer to authenticate mobile-device users. This protection has now been extended to the cloud, enabling app developers to implement BioCatch’s new technology within their own apps. By adding an additional layer of risk analysis and security, banks will be able to reduce friction while protecting their customers, and ensuring that protection is maintained on any device. The technology was developed specifically to assist banks in mitigating the risks associated with the mobile channel, allowing them to add new functionality without admitting new fraud or creating new friction.
The future of mobile banking
Mobile banking is already in use by at least 50 percent of customers at top US banks, according to Business Insider (“The Future of Mobile and Online Banking: 2014”), and that number is only going to continue to grow. Passwords are not going to disappear any time soon, but behavioral biometrics technology can help serve as a secondary line of defense against fraudsters and cybercriminals by continually tracking a user’s activity, noting and responding to any foul play immediately and in real time. With improved security, banks will begin allowing larger and more “risky” features to take place on mobile devices.
Behavioral biometrics gets rid of all of the friction associated with authentication and also increases trust. By using a continuous authentication system, a system in which a user is continually authenticated throughout the duration of a session, the system is able to create a more comprehensive user profile and increase its accuracy. There are no special downloads or signups required; all users have to do is be themselves.
Identity theft and fraud will only continue to grow, so in order for customers to begin moving towards a more convenient way of (mobile) banking, it’s imperative that banks work to make customers feel secure. By adding this extra layer of protection, the future of mobile banking won’t be so risky after all.