Multi-factor authentication (MFA) is one important pillar of cyber security in banking. Financial services interests have realised that requiring consumers to provide their personal information before processing transactions can deter data breaches.
And it has worked. Despite the numerous cases of successful high-profile hacking in the past 10 years, involving prominent names in the industry such as JPMorgan Chase and SWIFT, Fortunly believes more people would have been defrauded had there been lax customer authentication policies in place.
However, cyber robbers have managed to exploit a weakness in text-based MFA. In February, The Telegraph reported that Metro Bank and some smaller financial institutions were hacked. The attackers were able to get their hands on the codes sent to customers by capitalising on a flaw in SS7. Telecoms rely on this set of protocols to exchange SMS text messages and calls between one another anywhere in the world.
Clearly, more secure MFA is necessary to protect the integrity of financial services organisations as custodians of sensitive data of billions of people on the planet. This is where biometrics come in.
Unlike texted codes, pieces of biometric data are harder to steal since they are unique to individual consumers. Then again, biometrics are not equal and may not provide different levels of protection.
Fingerprints, as well as finger-vein patterns, are being used by banks to authenticate customers at brick-and-mortar branches. Scanners for both biological characteristics can deliver fast, accurate results, which allow frictionless in-building and ATM transactions.
The availability of scanners in consumer electronics makes fingerprint authentication a feasible solution to boost cyber security. In fact, it has been adopted by the Royal Bank of Scotland (RBS) for mobile banking. With just one touch, fingerprints can authenticate users to complete card payment transactions made via RBS’s mobile apps.
What is advantageous about facial features as biometric details is that they are hard to cheat. Unlike fingerprints that could be reproduced with tape, the distinct qualities of a face could not in any way, shape or form be mimicked.
Voice biometric technology is sophisticated, for it considers up to 80 of the distinguishing vocal-tract attributes of a person. As biological data, the voice is actually more unique than the fingerprint.
Citibank has been using voice authentication since 2016. The consumer arm of the Citigroup analyses the voice pattern of a caller based on a pre-recorded voice print to help detect identity thieves more accurately.
Signatures, keystroke patterns and website browsing tendencies are some peculiar customer identifiers being tested by some banks to prevent fraud. Behavioural biometric tech may require a ton of historical data to be considered helpful, but its readings are claimed to be 99% accurate.
Ultimately, biometrics are imperfect. Physical characteristics and individual behaviours can change, so they can’t be reliable 100% of the time. Nevertheless, biological data is a potent tool for cyber security all banks should adopt to stay ahead in the game of cat and mouse they play with hackers until the next MFA innovation comes along.