The pandemic set off a ripple effect of economic uncertainty that reached virtually every region of the world. Amid COVID-19 restrictions and the operational limitations it created, businesses were forced to reassess their functioning strategies and adapt to a rapidly evolving digital landscape. While digital innovation kept many organizations afloat throughout 2020, an influx in fraudulent activity posed its own challenges.
A recent report by IBM found that data breach costs increased from $3.86 million to $4.24 million, for example — a record breaking all-time high. As a result, companies quickly recognized the importance of enhancing their cybersecurity infrastructures to combat the overwhelming influx of fraudulent activity. More than half of C-suite executives now see cybersecurity as a major focal point of their business plans moving forward.
The transition to remote work has contributed greatly to the uptick in fraudulent behavior and is expected to continue to increase as many businesses forgo a return to in-person work environments. There currently are more than 184,000 fraud cases directly related to the pandemic, resulting in more than $124 million in losses for U.S. consumers alone. Human errors such as opening suspicious emails or sharing company-provided devices accounted for 85% of all employee-linked cybersecurity incidents.
To combat both worker and consumer-related incidents, businesses are deploying innovative tools such as behavioral analytics to detect the subtle differences between genuine users and fraudulent ones. The following Deep Dive examines how behavioral analytics compares to knowledge-based authentication (KBA) methods, including passwords. It also discusses the disadvantages of traditional verification techniques due to factors such as user recycling.
Acceleration of Digitization Brings Prevalent Cyberattacks
Sites that require users to create personal accounts expect the onboarding user to provide a few pieces of basic information, which generally include their names, email addresses and passwords. Consequently, these three pieces of data were most commonly exposed during breaches, with 44% of data breaches including this type of information. One recent report found that compromised credentials account for 61% of all data breaches, which resulted in a total of $56 billion in identity fraud losses in 2020. More than 80% of successful attacks resulted directly from users having weak or recycled password combinations.
The acceleration of digitization has increased user verification challenges for online platforms, as KBA and passwords cannot properly confirm a client’s true identity. The growing sophistication of fraudsters further amplifies the problem, and poor digital hygiene among users enables bad actors to successfully breach conventional security protocols. More than 44% of customers use two to five passwords across all their online accounts, and 16% use the same password for every account.
To make matters worse, approximately 37% of consumers share their personal passwords with other parties, which increased from 25% within the last year. Passwords are particularly susceptible to phishing attacks, and more than 80% of account infiltrations are a result of lost or stolen credentials.
On the financial institution (FI) front, executives historically have relied on a variety of solutions to authenticate consumers’ identities. Such methods include continuously screening their customers for their presence on watch lists, scanning IDs and supporting documents and verifying them during every visit, performing investigations, tracking all transaction activity and routinely investigating accounts for suspicious behavior.
While these efforts may appear effective, they often are highly inefficient, over-complicated, expensive and insecure. Adoption of a single unified platform that aggregates these processes is the only way to accurately validate user identity and weed out cybercriminals while still conceding to mandatory compliance and regulatory procedures.
Customers Prefer Modern Authentication Approaches
As the digital landscape continues to evolve, businesses must look to the future when considering which verification
methods to deploy. The customer experience should be top priority, as two-thirds of U.S. decision-makers stated that upward of 11% of unsuccessful transactions resulted in a loss of subscribers over the last 12 months.
Behavioral analytics assess an assortment of unique customer behavior datasets as opposed to viewing all data as a single entity. This technology is superior in its ability to combine omnichannel transactions, past and real-time consumer behavioral data and device identification to more accurately represent legitimate customer interactions that inferior security systems might improperly categorize as false positives.
KBA methods, while still preferred by some consumers, are losing favor as users adopt more seamless verification methods. Usernames and passwords are used by nearly 75% of respondents who interact with their banks through an online or mobile platform, yet just 42% of customers labeled it as their preferred login method, for example.
PYMNTS’ data supports the hypothesis that consumers desire more modern approaches to identity authentication, even when unavailable. A behavioral analytics model not only reduces friction during the login process, but also better protects users from fraudsters. Stolen login credentials or account numbers are insufficient identifiers for a hacker to gain entry into a company’s personal data system because the technology immediately can recognize other peculiar behaviors and block access. Security professionals recommend the implementation of behavioral analytics into a business’s fraud defense system, especially as more traditional authentication methods grow increasingly unreliable.