By Amir Nooriala, Chief Commercial Officer at Callsign
Recent Callsign research shows that digital trust is eroding on a grand scale due to the industrialisation of scams. Consumers want banks and other organisations to do more, with over a third (35%) of UK consumers saying their trust in banks has decreased due to persistent scams spoofing brand names. Genuine users are fed up with being asked to confirm their identities time and time again.
Fortunately, there is a solution to this problem, and it begins with organisations rethinking their approach to preventing fraud. By introducing positive ID, banks and organisations can keep their customers safe from cyber-criminals without damaging user experience.
The huge scam message explosion
The criminality of scams has become so pervasive that fraudsters are using the same channels as we use to authenticate. One example of this is SMS. Many organisations rely on SMS One Time Passwords (OTPs) to authenticate genuine users as they are simple to use and fairly self-explanatory. But SMS was never designed as an authentication system. It’s insecure and can easily be compromised through interception by fraudsters exploiting weaknesses in the SS7 network, or more often tricking network providers to redirect legitimate users’ messages to a device under a fraudsters control. It’s an inherently weak system, so why should the onus be on consumers to protect themselves when the technology they use isn’t trustworthy?
Consumers are asking the same question. 42% of users ask mobile network operators to do more to stop scammers using their platforms, while a third (33%) also ask the same of banks.
Digital Trust is needed for organisations to keep their users safe
When you have been a victim of scamming once, it is difficult to trust again. Users keep their incomes and savings with their banks, and they trust them to keep them safe. Therefore, when an attack happens, they want to know and understand how – and the same applies to personal information. 44% of UK scam victims react with suspicion wanting to know where fraudsters got their details.
Consumers are calling on banks to do more
Users are urging their banks to step up their authentication and digital ID process to keep them safe and combat scammers. And they know exactly how they would like organisations to do that, with more than a third (38%) of UK consumers stating how users should have to prove who they are when logging into a platform.
It comes as no surprise that they are asking for more protection, with users being on the receiving end of this perceived inaction by companies. In response, banks and organisations need to create digital trust by demonstrating confidence in their technology and processes.
How do we combat scams and rebuild consumer trust?
The solution lies in understanding and finding new ways to fight fraud and identify people in the digital world. Existing solutions tackle these challenges by actively identifying fraud, and although this approach is a good starting point, the issue is that a fraudster using stolen credentials looks like a genuine user accessing accounts or executing transactions. Yes, it’s the assumption that you are fraudster rather than a genuine user – when you enter a physical shop you aren’t asked to show your ID immediately are you? However, if banks and organisations focused on identifying only genuine users, this will organically prevent frauds. It is vital that banks do more with multi-factor authentication to ensure they are identifying genuine users.
Layering behavioural biometrics over threat detection device and location data is the most effective way to do this. Through a simple swipe of a phone, typing pressure, mouse movements or device angles, users can be personally recognised to a 99.999% accuracy. In turn, organisations eliminate one point of failure in the authentication process and achieve multi-factor authentication with minimal friction. Meaning that even when credentials have been stolen, the genuine user’s behaviour prevents a fraudster gaining access because the fraudster cannot replicate their behaviour. As a result, genuine customers gain trust in the technology and the process businesses can use.
Understanding the behaviour of real users will allow us to re-establish digital trust and rebuild the relationships between consumers and their banks. The onus is now on banks to embrace the tools that will enable them to do this.