Digital fraud has become nothing short of a scourge in the online world, with bad actors pulling out all the stops to scam companies, governments and individuals out of their money or personal data.
The Federal Trade Commission (FTC) reported that consumers lost $5.8 billion to fraud in 2021, a 70% increase from the previous year, and this number is likely grossly underreported. Digital fraud losses will only increase as more and more business shifts online.
Companies cognizant of this threat invest untold sums to keep themselves and their customers safe, leveraging the most cutting-edge technology in existence, such as biometrics and multifactor authentication (MFA). Fraudsters are continually seeking workarounds for these methods, however, and it is only a matter of time before significant loopholes emerge. A company that deploys any single method on its own can face a massive data breach as soon as a back door becomes apparent.
The better tactic is a multilayered security stack, and behavioral analytics can play a vital role in this approach. This month, PYMNTS Intelligence examines the security weaknesses of systems such as biometrics and MFA, explaining why a multilayered approach that includes behavioral analytics is more effective.
Weaknesses in Stand-Alone Security Systems
Any single-layered security system needs just one hacker to find a loophole for the entire system to be compromised, and no individual system is impregnable. Biometrics, for example, has several inherent flaws that make such breaches even harder to prevent. Biometric identifiers, such as fingerprints or facial characteristics, are unchangeable by their very nature, so they will never again be of use to victims if a hacker steals them. Users have also reported that their own physical quirks and characteristics can render biometrics useless — even small ones, such as a scar on a fingerprint, a tattoo or choosing whether to wear glasses or not.
Other companies leverage MFA to keep bad actors out, relying on codes sent to users’ smartphones to verify that they are logging on and not hackers with stolen passwords. This method also has its flaws. Bad actors have been known to preemptively transfer victims’ phone numbers to themselves, thereby intercepting SMS codes and logging into the accounts using those codes. Other fraudsters exploit common security questions, such as the name of a favorite teacher, a mother’s maiden name or a pet name, by scouring victims’ social media, where they can find such information.
The costs of deploying these systems in isolation can be devastating, especially to small businesses, when they result in data breaches. The average cost of a data breach increased 10% in 2021, reaching $4.24 million per incident. Multilayered security and authentication systems are a practical necessity to avoid these consequences, and behavioral analytics can be critical for making them a reality.
How Behavioral Analytics Can Form a Multilayered Security Stack
Organizations’ fraud protection methods need to be as varied as the tactics leveraged against them to ensure that hackers who manage to circumvent one security layer will be foiled by the next. Each defensive layer adds an extra burden on the cybercriminal to develop countermeasures for it. A biometric stack combined with MFA, for example, will require a potential attacker to acquire a false set of fingerprints and intercept an SMS security text to the same person. Merchants that leverage multilayered solutions have reduced their fraud volume and fraud losses by 71% and 12%, respectively, in large part because hackers would rather attack easier targets.
Behavioral analytics is a crucial tool to add to these multilayered security stacks and is most effectively deployed as an additional line of defense after customers have been authenticated via biometrics, MFA or some other method while onboarding or logging in. Fraudsters managing to spoof users’ images or intercept verification codes would still have to type in this illegally obtained data, potentially exposing themselves as fraudulent through their typing patterns or their propensity to copy and paste the stolen information.
Behavioral analytics solutions provider Neuro-ID conducted a case study of a Software-as-a-Service (SaaS) company that reduced its fraud rate by 35% using this method, with the behavioral analytics engine cooperating with the company’s existing password-based system as part of a multilayered security network.
Each facet of the multilayered security system will still need constant updating and testing, as fraudsters are constantly improving their techniques and are eager to exploit any vulnerabilities they can find. Properly maintained behavioral analytics, however, could go a long way toward keeping bad actors from breaching company systems.