By Andrius Sutas, CEO and co-founder of AimBrain
Passwords have been historically employed to keep user information safe. But in 2018, there are more risks online than ever before. In Q2 of 2018, for example, cybersecurity giants Kaspersky detected 61,000 installation packages for mobile banking trojans, more than double the number from Q1 2017, and three times more than in Q1 2018. So, while mobile banking offers many opportunities – new products, superior segmentation, remote onboarding, etc. – it also poses new challenges. How, then, can banks and financial services organisations protect themselves without sacrificing the freedom and flexibility offered by innovative technology? How can they safeguard customer data when passwords alone never offer complete security? And how can they do this while complying with legal requirements? It all comes down to layered biometric security.
Layers of security
In the modern world, the best security systems are layered. The key is that no one thing will offer total protection. A strong password is good, but it can be broken or stolen. The same is true of personal data used to verify a user’s identity, such as a mother’s maiden name.
Biometric data is more promising. It is easier to steal a password than someone’s face or fingerprint, after all. And biometric verification focuses on the user rather than their device. But simpler biometric methods can still be vulnerable, such as when criminals use recordings to bypass voice authentication. So, you cannot rely on a single biometric check alone.
If you use multiple layers of security, however, customer data will be much harder to hack. And with a combination of biometrics, detection tools, and passive bot detection working together, you and your customers can be confident your data is being kept safe.
Biometrics upon biometrics
Biometric security uses many forms of physical data to identify users, including fingerprint, retina, face and voice recognition. And while none of these are 100 percent secure by themselves, together they create a formidable obstacle for hackers. The best approach is to use a mix of physical and behavioural checks, creating a unique security matrix that hackers cannot bypass.
How does this work in practice? AimBrain’s AimFace//LipSync solution is one example of deploying multiple biometrics in a single step. It combines facial authentication with a voice challenge and lip synchronisation analysis. Customers set the access information for their account by taking a selfie and reading a randomised number. They then use the same process to access their account. While this check is quick and easy for the correct user, it also sets multiple hurdles to stop cyber criminals from gaining access to the account. This proves that security does not have to come at the expense of usability. Though it may sound simple, it is this multi-step approach to security that puts ever harder obstacles to overcome in the path of the hacker.
Smart detection tools
Biometric checks can be strengthened using the latest anti-spoof and liveness detection tools. These combine simple user challenges with time-sensitive outcomes built on a foundation of artificial intelligence. For instance, we can augment facial recognition with in-session audio prompts. This, again, highlights two strengths of biometric authentication:
- It makes life easier for the real user, as they always have the method for accessing their account with them (you can forget a password, but not your own face).
- Despite users’ biometric ‘data’ being in plain sight, with smart detection tools offering added protection, there is no way for cyber criminals to take advantage.
Layered authentication can therefore help banks and financial services organisations guard against modern security threats, but without inconveniencing legitimate users.
Passive bot detection
However, prevention is better than a cure, so passive bot detection is a key part of the security mix. This involves using industry or institution-specific fraud data with a passive anomaly detection module, training it to look for signs of suspicious activity. It will then alert you if it detects anything unusual.
And while this is primarily useful for catching bots, it can also detect suspicious behaviour from manual (i.e. human) users as early as the onboarding stage. As with the tools described above, this adds an extra layer of protection for company and user data.
Moving beyond the password
Passwords may have been the default for protecting user data until now, but they are looking increasingly old-fashioned in 2018. In the modern world, banks need to guard against fraud by anticipating it and creating layered authentication checks that are impossible to beat. The best way to do this is by working with a biometrics partner. This will help you move beyond the password paradigm, toward a future where the focus is on authenticating customers, not their devices, helping you to defend against attacks on data and assets.
AimBrain is a BIDaaS (Biometric Identity as-a-Service) platform for global B2C and B2B2C organisations that need to be sure their users are who they say they are.