Each week, it seems as if there is a new organization that has fallen victim to cybercrime. The relentless pace at which fraudsters attack financial institutions, businesses and consumers has significantly impacted the security landscape within the U.S., resulting in initiatives like the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework. Even the Office of the Comptroller of the Currency (OCC) has issued guidance to help protect financial institutions and the account holders they serve. The OCC now expects institutions to have dynamic risk management programs, including adequate customer authentication processes and layered security controls.
Following this guidance is more important than ever, as fraudsters stole $16.8 billion from U.S. consumers last year, according to research from Javelin Strategy. One of the ways fraudsters accomplish this is through tactics like account takeover, which has reached a four-year high.
Account takeover happens when a cybercriminal directly targets a bank account, usually a corporate bank account with larger balances and automated lines of credit. This makes it easier to intercept large sums of money. After a cybercriminal has gained access to an account through online banking, they will add recipients to payroll files or change account information for existing recipients to redirect payments to their own bank account. These changes are often difficult to notice, especially for businesses, which are limited merely two days to report and dispute fraudulent activity. Javelin reports that account takeover victims paid an average of $290 out-of-pocket and spent 15 hours to resolve the fraud. Given the frustrations that come with remediating instances of fraud, many account holders will switch banks after falling victim to fraud.
Clearly, financial institutions are obligated by regulation and their own self-interest to protect their account holders. However, with fraud becoming more frequent, how can financial institutions improve and scale up their fraud prevention efforts while enhancing the customer experience?
With today’s technology and the prevalence of digital devices, financial institutions can balance delivering a frictionless customer experience without compromising on security. By combining several security measures, such as out-of-band alerts, one-time authorization codes with voice biometrics technology and interactive voice response systems, financial institutions can ensure a much higher level of protection for their account holders.
This empowers customers with more control over their account while automating the fraud detection and dispute resolution process for the institution. By leveraging biometrics technology and existing fraud prevention measures, financial institutions can mitigate the risk of fraud and help their customers keep money where it belongs – in their account.
Achieving this level of security does not have to be difficult for the financial institution or the account holder. By creating a list of pre-approved payees with routing and account numbers, financial institutions can monitor for outgoing credits that have a new account and routing number combination. If a new number is presented, the transaction is automatically suspended until the account holder reviews the activity.
This is where biometric technology is useful. If unusual activity is detected, an out-of-band alert can be sent to the account holder, along with a one-time authorization code. Upon receipt of the alert, the account holder then dials the number for an interactive voice response system. Once the system starts recording, they enter the one-time authorization code and then repeat a random phrase to establish voice authentication, and once recognized, the account holder can reject or approve the transaction.
Biometric authentication addresses both the security demands of today’s consumers and the speed at which banking and transactions need to occur. Biometric technology can reliably authenticate an account holder’s identity, enabling financial institutions to raise the bar on security and convenience. And when biometrics are coupled with additional fraud prevention measures, cybersecurity threats can be mitigated.