We’ve read it over and over – the mobile revolution is here, it is not going away, and it is changing the way we do everything. From how we engage with our friends and family to how we run the appliances in our homes, mobile accessibility is impacting virtually every aspect of our lives.
Finance and banking is no exception. RateWatch recently conducted research showing that 81% of the financial institutions they surveyed are offering mobile banking services.[1] Global mobile payments are predicted to pass $1 trillion by 2019,[2] and consumers are embracing payment platforms ranging from Venmo and Zelle to Android and Apple Pay.
Consumers and FIs may be jumping onto the mobile movement, but mobile risk management is still a significant issue. One research study found that 100% of mobile banking applications tested were vulnerable to hacking, which should raise more than a few eyebrows.[3] Another report found that 2 out of 10 companies have already experienced a mobile cyberattack.[4]
There is clear evidence that managing risk in the mobile-first economy is a top priority for FIs and consumers. Here, we explore tactics that individuals and organizations can take to keep their financial lives secure in the evolving mobile landscape.
Consumer Tactics for Mobile Risk Management
Personal responsibility is one of the most important aspects of protecting financial details. As a first line of defense, consumers should be aware of, and use, the physical security measures that their mobile device provides.
Setting a PIN for logging into the device is the minimal first-line defense. While it may seem like a very basic step, research shows that “34 percent of users don’t lock their devices, and 62 percent of those who do have an easily hackable code such as 1-2-3-4.”[5] When setting PINs, consumers should use unique codes that are not associated with any other accounts or login information, and they should not share PINs with outside parties.
Biometric identifiers provide another available security layer. Fingerprint verification and iris scanning technology offer additional security in the event that a device is lost or stolen. As a final measure, consumers can enable settings that erase all the data stored on a device after a set number of failed login attempts. While this option is drastic, it may be the best approach for preventing unwanted access to personal details, including financials.
Organizational Tactics for Mobile Risk Management
FIs also have quite a lot at stake when it comes to mobile risk management. From irate customers and loss of assets to infiltration of systems beyond the mobile apps, FIs have a vested interest in making mobile and online banking as secure as possible. The balancing act? Having that security without making it difficult for legitimate customers to access their accounts.
For FIs, mobile risk management can start during account opening and continue throughout the account management process. First-line defense measures can, and should, include device authentication. One common approach that can be used in both onboarding and account management is multi-factor authentication through tokenization.
During the account onboarding process, FIs can create an initial device “signature” using the process of tokenization, assigning a unique numeric value to the device. Subsequent login attempts will verify the token value assigned to the individual device. FIs can add further layers, such as consumer-input PINs or one-time access codes, to verify and authenticate the legitimacy of a customer interaction.
FIs also have authentication tactics at their disposal that extend beyond tokenization. One option is geolocation or “geo-fencing,” which uses the physical location of the device submitting an application. FIs can examine the device location to verify that it is associated with the account. If the geolocation shows that it is in a physically distant place or originating from a highly suspect location, FIs can flag the transaction for fraud and alert the account owner.
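The device-token check and geo-fence described in the two paragraphs above can be combined into a single login decision. The sketch below is an added example, not code from the article or from any Zoot product; the hashed-token storage, the 500 km radius, the decision labels, and all function names and coordinates are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets

MAX_DISTANCE_KM = 500.0  # assumed geo-fence radius; tune per institution


def enroll_device() -> tuple[str, str]:
    """Onboarding: issue a random device token; the server keeps only its hash."""
    token = secrets.token_hex(16)
    return token, hashlib.sha256(token.encode()).hexdigest()


def token_matches(presented: str, stored_hash: str) -> bool:
    """Constant-time comparison of the presented token against the stored hash."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    return hmac.compare_digest(digest, stored_hash)


def distance_km(a: tuple[float, float], b: tuple[float, float]) -> float:
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def assess_login(presented_token, stored_hash, device_loc, account_loc) -> str:
    """Return 'allow', 'step_up' (ask for PIN or one-time code) or 'flag'."""
    if distance_km(device_loc, account_loc) > MAX_DISTANCE_KM:
        return "flag"      # outside the geo-fence: flag and alert the owner
    if not token_matches(presented_token, stored_hash):
        return "step_up"   # unrecognized device nearby: require another factor
    return "allow"


# Constructed sample coordinates (lat, lon) for illustration only.
HOME = (45.68, -111.04)      # location associated with the account
NEARBY = (46.87, -113.99)    # roughly 260 km from HOME
DISTANT = (51.51, -0.13)     # several thousand km from HOME
```

Location reported by a device can be spoofed, so a geo-fence result is best treated as one input to a broader risk score rather than as proof of identity.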
Using many of the same technologies available to consumers, FIs can also implement biometric measures like fingerprint or iris scanning to help mitigate risk in the account management process. While these options do introduce another layer, one study shows that a majority of consumers (65%) are willing to use fingerprint authentication.[6]
Multi-tiered and Conceptual Approaches to Managing Risk
Existing authentication and reputation technologies are available today for FIs to manage mobile risk. There are, however, additional approaches that innovative organizations are actively using or investigating in the ever-evolving fight against fraud.
Behavioral biometrics and prescriptive analytics are a unique new way to layer security into the account application and management process. Companies can tap into new technology that evaluates how a consumer interacts with an application or a transaction and assigns the interaction a score value.
This approach, provided by Zoot partner Neuro-ID, enables companies to ask specific application questions aimed at uncovering the risk of fraud. The questions, and how the applicant interacts with them on the screen, contribute to a proprietary confidence score that FIs can incorporate into their overall scoring models. When paired with a mobile application process, prescriptive analytics can help FIs identify potential fraudsters during the application process.
Conceptually, both artificial intelligence and blockchain technologies could fight mobile fraud attempts. While blockchain currencies like Bitcoin and Ether do have consumer support, FIs have not moved as quickly to adopt blockchain-enabled account opening or management practices. In theory, using blockchain-based technology for mobile transactions could include specific markers in the blocks that verify both device and user identity, although the decentralized nature of the blockchain does pose regulatory and compliance questions for the FIs investigating the technology.
Artificial intelligence is another conceptual avenue for managing risk in a mobile-first world. By employing advanced algorithms, FIs could use machine learning to identify patterns in mobile fraud and take the appropriate steps to safeguard against them.
For example, an AI-enabled fraud platform may identify clusters of fraudulent applications within a specific time frame after a data breach, or coming from unique locations. FIs can use that insight to make an informed decision about deploying additional fraud mitigation efforts, like voice authentication or one-time-password requirements, for applications flagged by the AI-enabled platform.
Innovation and Evolution
Managing mobile risk is an ever-changing undertaking. FIs and consumers can continue to use existing tactics, like locking mobile devices, tokenization and fingerprint scanning, to combat mobile fraud today.
As technology advances, tactics to minimize risk will continue to evolve – as will the techniques fraudsters use to commit their crimes. Innovation in application screening techniques, mobile transaction processing and more will impact the risk management landscape. Successful organizations will be those who embrace the changes through testing, evaluation, and deployment.
Wondering how to incorporate mobile-centric fraud efforts into your organization? Contact Zoot to learn more.
[1] https://www.iot-now.com/2017/01/19/57626-building-business-case-mobile-banking-security/
[2] https://www.statista.com/statistics/226530/mobile-payment-transaction-volume-forecast/
[3] https://www.cyberscoop.com/testing-pradeo-100-percent-mobile-banking-applications-vulnerable/
[4] https://blog.checkpoint.com/wp-content/uploads/2017/04/Dimensional_Enterprise-Mobile-Security-Survey.pdf
[5] https://www.mobilepaymentstoday.com/articles/understanding-the-risks-of-mobile-payments-technology/
[6] https://www.javelinstrategy.com/press-release/future-biometrics-here-are-consumers-willing-adopt