With Mobile Transactions Comes Mobile Fraud
With the increase of mobile commerce brings a parallel increase in fraudulent mobile transactions,...
Banks have been increasingly pressured by the competitive financial services environment to constantly seek methods to reduce costs, increase services, and make customer interactions as efficient and convenient as possible. Not only do banking institutions face pressure from their old-economy competitors – other banks, credit unions and savings & loans – but also from a slew of new entrants. Mobile payment companies like PayPal and ApplePay, have intruded on some parts of their businesses, while new pure internet “banks” have been honing-in on the deposit, consumer lending and mortgage industries.
The obvious and inevitable response by traditional consumer banks has been to try to make it more convenient for clients to do business with them. Strategies to achieve this have focused on making it easier for customers to bank on their own terms. Many clients - even older more traditional consumers of banking services - find the opportunity to decrease the need for branch visits - or eliminate them altogether - a highly desirable option. Giving customers the ability to bank remotely, via the internet (e.g. “browser based”) or on a mobile device (e.g. “app based”) is the cornerstone of most banks’ current strategies to retain and acquire customers.
Perhaps more than any other type of business, banking and financial services firms rely on the sophistication and ease-of-use of their remote banking applications to attract new customers and keep them. Regardless whether the interaction is via a desktop-based browser, or a unique mobile application installed on the clients’ mobile devices, the functions available have gone far beyond checking account balances. Today’s remote banking and financial customers can transfer funds, pay people, pay bills, deposit checks, trade stocks, and make payments.
As a result, the security of these remote access points to personal financial accounts must be very secure.
For many banking customers, being forced to visit a bank branch in order to conduct basic account management and financial transactions is considered an extreme nuisance. This is particularly true of the under-30 demographic who have grown-up seeing much of the world through hand-held mobile devices. According to the Millennial Disruption Index, as ongoing technology and demographic changes occur, banking is one of the industries that will be most-susceptible to disruption.
The best way, then, to acquire new clients among the up-and-coming “millennial” generation is through some form of remote account opening process. Even if the initial account is for a relatively low-value checking or savings account or a limited credit line, the low cost of the interaction and the automation of the new account process can make the practice worthwhile and profitable.
However, banks offering mobile onboarding need to ensure that fraudsters are prevented from exploiting their remote automated services. Whether to achieve compliance with federal regulations requiring that a bank “know” who they are transacting with, or simply to reduce losses that may result from fraudulent behavior, identity authentication is essential.
There are several ways that remote identity authentication software can be used to ensure identity proofing is done right.
The current best-practice when signing up a new customer at a branch location is to ask the applicant to provide proof of their identity – typically some form of government-issued credential document such as a driver’s license or a passport. The bank employee then tries to verify that the document is genuine, and that the face on the ID matches the person opening the account.
Unfortunately, humans are not necessarily well trained or very skilled at recognizing fake ID documents. Fortunately, there’s an app for that. FraudFighter’s newest product, ID App, uses a mobile-device, like a smart phone or a tablet, and a document library of over 4,000 global identity documents to capture images and analyze the security features of an ID to help ensure it’s not a fake. ID App can also conduct facial-comparison and facial liveness tests.
Biometric software can perform the critical facial-comparison function faster and with greater accuracy than a human being. Software is much better at this than humans because most people are notoriously bad at one-to-one comparisons. Many people will mistakenly think that a photo matches a live face if only one or two of the major features - such as hair color and skin-tone - are the same.
Facial matching software works by logging numerous physical features and the dimensions and ratios between these features. The software isn't looking at the face, as a whole, but rather, looks at specific physical features and makes point-by-point matches to ensure that the person whose face is being verified matches the image on the document.
In order to make sure that facial recognition software being used on remote banking applications are comparing the actual applicant’s face against the image on the ID document, a "liveness detection" measure should be used, such as detection of eye-blinking or other facial movement. This will make it extremely difficult to impersonate the person on an ID document by using a picture of that person in place of a live-facial image.
In the modern age of identity theft, a potential ID thief has access to millions of stolen personal identities and expertly-made forged documents. This is why biometrics can be useful to identify them. It’s possible to use a biometric signature, such as their facial image, to search databases of known fraudsters. If there’s a hit, it’s prudent to refuse the remote transaction and request the individual to come to a branch in order to complete their transaction.
The need for bank branches fades as new payment methods further reduce the use of cash. But customers will still need a trusted relationship with their banks. Biometrics and ID document authentication technologies can help banks acquire new customers and deliver high-value services without the need to have them physically come to a branch location.