Although consumers are increasingly using an array of connected devices to conduct financial transactions, they’re doing so with the expectation that banks and FIs will keep them secure. In the “Digital Fraud Tracker,” Mission Lane’s Gaurishankar Gopalakrishnan shares thoughts on how FIs are using advanced authentication and device safeguards to manage that risk.
An increasing number of consumers are using connected devices such as smartphones to handle their day-to-day activities, such as streaming video, ordering takeout or hailing rideshares.
For the most part, consumers have become used to trusting their personal data to connected devices, but the risk of fraud is an ever-present concern, especially as more consumers use smart devices and the IoT to manage their financial lives.
A key problem for financial institutions (FIs) when consumers connect with their accounts via internet-of-things (IoT) devices is that even FIs with the best fraud protections in place have no control over whether the IoT-enabled devices accessing them do. Devices that lack encryption capabilities, for example, are vulnerable to fraud threats such as distributed denial-of-service attacks, which can overwhelm a server and take it offline.
However, the number of consumers demanding the ability to conduct quick and frictionless financial transactions on connected devices is growing, meaning that ensuring the security of customers’ accounts when connecting with smart devices has become table stakes for FIs.
“It’s good that we can interact and reach people [in] the space where they want to be in, which is with their device[s]. I think it’s truly noble to say that we should try to educate customers, but really, you’ve got to make things simple,” said Gaurishankar Gopalakrishnan, head of enterprise fraud, collections and recoveries at Mission Lane, a FinTech that has helped 1.5 million Americans with imperfect credit rebuild their financial lives.
The Choreography of Simple Versus Secure
An FI’s responsibility, according to Gopalakrishnan, is to give IoT-connected customers the highly secure service they expect. This begins with using authentication processes designed to identify customers while keeping hackers and bad actors out. Methods such as multifactor authentication (MFA) are critical, but asking customers for a six-digit code every time they log in may frustrate them to the point of taking their business elsewhere, he explained.
Consumers prefer solutions that recognize them when they log in, regardless of device, and many FIs have begun using artificial intelligence (AI) and machine learning (ML) to authenticate their customers as a result. These technologies use decisioning algorithms that build on previous interactions through pre-authenticated devices, and they work behind the scenes without customer interaction.
“My customer doesn’t need to know that I have multiple layers of protection — bot detection or whatever. They don’t need to know that, and they don’t mind. My objective is that when a customer is trying to log in, they just look at the phone, and their facial recognition picks it up, and they’re done.”
As fraudsters become more adept at cracking these safeguards, Gopalakrishnan believes it has become incumbent on FIs to use advanced biometric authentication methods, such as facial recognition and behavioral-based assessments as well as fingerprint and iris scans, to keep transactions safe.
The Future of Connected Security
The potential for fraud will continue to increase alongside the growing number of digital “on-ramps” that can attract hackers.
Gopalakrishnan believes it is imperative that businesses and FIs become more digital to succeed in a world with more connected devices. At the same time, he said, providers must require built-in safeguards in the devices that consumers use to help keep information safe. For instance, he pointed out that nearly all smartphones have a unique digital ID, which can help with more specific identification of good versus risky interactions. In fact, he said, those device identifiers are much more accurate than even the IP address that a home internet address contains.
“[The digital ID] is unique to your device, and it can obviously be jailbroken, but for the most part, it’s fairly good. It’s more precise than IP because IP is your general location, your neighborhood or your area,” he said. “It can help me build trust that it is indeed the same device that this customer logged in with last month, and they seem to be making good transactions, and I can build on that trust and build that into my knowledge for the next time you log in or the next time you access your product with a different device.”
He said that FIs can also use AI technology and predictive analytics that “learn” users’ digital behaviors to help determine whether they are potential fraudsters posing as legitimate customers — even on the same devices.
The companies that will thrive in the connected economy are the ones that find ways to use technology to make IoT-enabled transactions safe while keeping them simple.
“Those technologies will continue to improve, and we’ll continue to get to a place where the trust factor increases,” he said. “It’s a constant battle that we fight. On the one hand, what’s good for my customer — and good for my business — is to provide them more services and build that brand trust about using my products online, but at the same time, how do you keep protecting customers in an ever-evolving environment?”
As consumers become more connected, FIs’ survival will depend on their willingness to adopt solutions that foster mutual trust with their connected customers.