PYMNTS-MonitorEdge-May-2024

Multi-Factor Approach Protects Banks From Fraudsters Seeking Vulnerabilities

Caitlin Sinclair, director of proposition development, financial crime at GIACT, an LSEG business, noted in an interview that banks’ customers (consumers and enterprises) are prime targets for fraud — well beyond the points of making transactions and sending money.

In fact, the vulnerabilities are in place before the payment has even been sent.

“When we look at the vulnerabilities that businesses have in terms of the data that they’re storing and in processing information,” she told PYMNTS, “they exist, really, across the customer lifecycle.”

At the point of enrollment or onboarding all the way through to the transactions, there are all manner of mechanisms employed by fraudsters to infiltrate different processes.

Multi-Faceted Approaches

And that means that the organizations — financial institutions (FIs) among them — need to implement a combination of different approaches to thwart bad actors’ efforts. A multi-faceted approach, Sinclair said, can help craft the best lines of defense, where multi-factor authentication and one-time passwords are arrows in the proverbial quiver.  

But in crafting that multi-factor approach, Sinclair noted, technology needs to be embraced and deployed that in turn harnesses alternative data and adds robust levels of verification to move beyond the confines of just collecting names, addresses and dates of birth.

She added that behavioral biometrics can help identify users — and can speed and improve transactions, especially with recurring users who don’t have to re-key information every time they seek to make a payment on that platform.

“A lot of it,” she said, “comes down to designing a solution where the types of data that you’re collecting are appropriate for the transaction and the business that you are doing.”

Among GIACT’s areas of focus is bank account verification, but she added that the use case or dollar amount could conceivably affect how much additional due diligence might be needed — especially, for example, in the case of a higher dollar transaction, where a bank may be providing loans or holding assets on behalf of clients.

Open Banking Gains Ground

The rise of open banking, and permissioned data (and decentralized identity), said Sinclair, offers up new avenues of connectivity, and can tailor the information provided by the banking customer to fit the transaction. Decentralized identity also reduces the amount of sensitive data and information that clients are storing in one place, which reduces the risk (and the attraction on the part of the cybercriminals themselves).

Sincliar told PYMNTS that a basic use case might center around a retail banking client with a checking or cash account, who then wants to go on to open a credit card account.

Using advanced technologies and open banking, said Sinclair, “you would be able to pull additional relevant information from the open banking connectivity in order to facilitate this — and there’s a core, baseline of information already established.”

The same principles apply to B2B payments, she said.

“We see a lot of the same kinds of fraud happening,” said Sinclair, as business email compromise and phishing attempts have been favored means of attack. KYB processes, she said, have become increasingly important, she said, so that supplier payments can be sent with safety and supply chain management itself improves.  

“The aspiration,” she told PYMNTS, “is that payments become more seamless for any of the users involved.”

PYMNTS-MonitorEdge-May-2024