In this era of increasing fraud, customers are rightly concerned about the safety of their financial accounts. This concern becomes problematic for financial institutions when security fears suppress use of banks’ online and mobile offerings.
In the wake of last week’s exposure of a massive credit card fraud ring, customers might well wonder what financial institutions are doing to protect the integrity of accounts, or more specifically, their identities. (“Identity is the new money,” says Dave Birch.)
Banks are using a mix of traditional security measures, as well as analytics driven by customer data, to keep the bad guys at bay.
Ben Knieff, director of product marketing at financial crime, risk and compliance software firm Nice Actimize, described two approaches banks use to verify identity online. “First is the single identifier, a strong identifier such as a government-issued ID.” This approach is common in Europe but has not, and probably will not, Knieff said, take hold in the US. That is because resistance to government-issued IDs is truly politically bipartisan.
Instead, US financial institutions use a method Knieff describes as “distributed identifiers,” which simply means several pieces of data — past address, phone number, etc. — that together constitute a strong enough identity for creditors.
The distributed method is far from perfect, as the recent and continuing fraud shows. It is the method that we have arrived at, said Knieff, because of “the simple outcome of the evolution of technology that was unexpected.”
But it is not the only protection banks have. Behind the curtain, data comes into play.
Based on the huge amount of data bank customers generate — more data than banks know how to use, Jim Marous points out — banks can now put security measures in place that rely on analytics to verify identity. Knieff described one such solution. Software can now monitor new customers for their first few months as account-holders in order to build profiles or behavioral signatures, and then measure future actions against those profiles. A simple and familiar example of this would be a transaction occurring in a strange geographic location that sets off an alert in the fraud center.
With human beings in call centers, fraudsters can use “social engineering” to manipulate call center agents into helping the wrong people get into customer accounts. This can unfortunately pit good service against good security. Data can’t be socially engineered.
But this analytics needs time to develop and while it works well in the long-term, it is difficult to bring into play in real time to stop attacks before they can cause any damage.
The Big Data that banks hope to leverage to meet customer needs more closely is already being employed to keep customers safe. Jim Marous recounts that most banks he speaks to use Big Data exclusively for security rather than for marketing in this post, in which he highlights other industries — notably retail — that use Big Data for marketing. We’d like to see Big Data used to help customers find products they want — service and support, not just security.