Banks ‘struggle to identify online customers’

Nearly one in four (24%) of banks worldwide admit to difficulties with identification of their customers when delivering digital and online banking services, reports Kaspersky Lab.

In its latest ‘Financial Institutions Security Risks survey’, the cybersecurity and anti-virus provider comments that as 59% anticipate growing financial losses due to fraud in the next three years, the verification of a user’s identity should take central stage in the cybersecurity strategies of financial institutions.

With the rise of online and mobile banking, customers are not only becoming victims of financial fraud, but also a major entry point for attacks on banks’ digital channels. According to the research, in 2016, 30% of banks suffered security incidents affecting banking services delivered via the Internet – with phishing against customers and using customer credentials for fraudulent activities as the top contributing factor leading to the attacks.

Banks find themselves in need of security technologies that do not undermine the customer experience: 38% of the organisations surveyed confirm that balancing prevention techniques and customer convenience is one of their specific concerns.

“While thinking of different approaches to secure digital and mobile channels, banks naturally avoid putting too much pressure on customers,” said Alexander Ermakovich, head of fraud prevention at Kaspersky Lab.

“Online banking should preserve its main benefits: as a convenient way of making financial transactions in seconds. That is why we are working on technologies that help to protect both banks and their customers without adding an extra security routine to the user’s experience,”

In addition to two-factor authentication and other security procedures used by banks, Kaspersky Lab recommends implementing dedicated solutions that can help to identify whether a person is authorised, without requiring additional actions from the user.

The group’s own Kaspersky Fraud Prevention platform accumulates and analyses user behaviour, device, environment and session information as anonymised and depersonalised big data in the cloud. Risk based authentication (RBA) assesses possible risks before a user’s login, while continuous session anomaly detection identifies account takeover, money laundering, automated tools or any suspicious processes during the session.



Related reading