We need more than biometrics to tackle cybercrime

The evolving threat of cybercrime is now a daily consideration for most financial organisations. As online fraudsters find new ways to steal people’s identities and online banking information, financial organisations need to innovate to create solutions to new threats. It’s an ongoing fight that may never be truly won by either side.

In the meantime, the fight is starting to amass casualties. Recent research by Intelligent Environments, which produced a cybersecurity map of the UK, indicated that one in five British consumers has fallen victim to cybercrime. Londoners were found to be the most likely to have been victims, with 27% of survey respondents in the city saying they’ve been affected, while Norwich citizens are the next biggest sufferers at 23%.

It’s a worrying state of affairs that so many consumers and businesses are now affected by cybercrime, but one potentially positive outcome is that these incidents appear to have instilled a greater awareness of our online security. The research showed that Birmingham residents were the most concerned about their online security in the UK, with 57% of Brummies concerned their banking details could be stolen online. Newcastle is the UK’s second most cybersecurity-conscious city at 52% expressing concern, and Edinburgh is third at 50%.

A united effort

It’s encouraging that people are taking their online security seriously, but while staying safe online requires a certain amount of action from customers themselves it’s not just a job for them alone. Financial institutions have an active role they can play in making sure their customers don’t fall victim to cybercriminals – and responses to the survey indicates that their greater contribution would be welcomed.

Almost one in three (30%) of the survey respondents said they would like their bank to offer advice about how to stay safe online. Financial institutions need to be educating their customers on what to watch out for when making online purchases and helping them better understand what to do when things go wrong.

Another, increasingly popular, method of keeping people more secure is biometric security. Apple’s Touch ID system and Apple Pay have helped iPhone users become much more comfortable with this technology. Increasingly we’re seeing biometrics deployed more widely than just to access or pay for something using a mobile device.

MasterCard has announced that it is introducing ‘selfie pay’ to 14 countries this summer; indeed it is being promoted as the next stage of e-commerce. Barclays has launched finger vein scanning capabilities for business customers and Halifax has trialled a heartbeat verification system using an electronic wristband.

In China, Tshighua University and Tzekwan Technology have developed the world’s first facial recognition automated teller machine (ATM), which maps facial data and matches it against an ID database, authenticating users by using both facial feature and iris recognition.

Such technologies are popular, and they do a great job of raising awareness of cybersecurity by capturing the public’s imagination, but it’s important to remember that they are only a perimeter defence. Preventing cybercrime requires banks to not only bolster the perimeter defences, but to keep their eye on what’s going on inside the walls as well. If those walls are breached it means the criminals have got in, and suddenly there is little that can be done to prevent them doing as much damage as they want. Given the current cybersecurity climate, the finance sector needs to consider enhancing biometric systems with protection software that monitors user behaviour to detect a possible security breach, and tackles it immediately.

A behavioural issue

Intelligent Environments has been active in this area; its research team has developed a piece of software that can provide ‘attack-aware’ security, which can cope with cybersecurity threats in the application tier in real-time. Called AppSensor, the security software enables banks to augment traditional firewall systems with behavioural analytics at critical points in the banking application.

Using artificial intelligence algorithms, the software learns what typical user behaviour looks like so that it can spot abnormal behaviour, flag potential security risks and deal with problems as and when they happen. It also enables banks to learn more about hackers’ behaviour, and in the long run can help them better understand how to cope with developing threats.

Biometrics are not infallible; nothing is. They can however make digital banking services easier to access and, as part of a layered authentication solution, more secure. Where they’re potentially most important though, is in getting customers to think more about their online security, and adapt their behaviour to avoid becoming yet another victim of cybercrime.

As technology evolves, criminals evolve along with it by becoming more sophisticated and harder to spot as a result. To tackle the burgeoning threat – rather than sticking with tried-and-tested methods that may swiftly be rendered inadequate – banks and financial organisations need to be ready, willing and able to move ahead of the criminal element. But it’s a combined effort, and little by little, with both banks and customers doing their bit, we may start to move in the right direction.

277 views

Related reading