Traditional banks and fintech firms have to adopt a secure and resilient digital identity system capable of preserving the privacy of their customer base.
Globally, attacks on the financial sector surged 238 per cent in the first quarter of 2020, with 80 per cent of financial institutions reporting an increase in cyberattacks. Cyber threats are multifold, with pandemics leading to the rapid digitalisation of financial services.
On the flip side, digital identification in the financial services industry assists businesses in establishing trust with their customers while also ensuring transaction security. Moreover, money laundering charges pop up with online banking and crypto exchange platforms. As a result, law enforcement agencies have mandatory compliance with Know Your Customer (KYC) and Anti Money Laundering (AML) directives. However, ignorance comes with a cost. Over 12 of the top 50 banks in the world were penalised for AML, KYC, and sanctions violations in 2019.
A robust cyber resilience strategy is crucial for financial players, including traditional banks and fintech firms. They have to adopt a secure and resilient digital identity system capable of preserving the privacy of their customer base.
Tools for keeping an eagle eye
Financial service providers cannot rely on traditional methods to authorise high-risk activities. Thus, they utilise several identification technologies in fintech applications to strengthen fraud monitoring and improve customer experience.
The application of biometrics existed for decades, but 2012 was special – Apple’s purchase of AuthenTec to introduce fingerprint authentication in the iPhone 5S gradually made it proliferate into customer products. The fingerprint is among the most widely used biometric ID choices banks offer. Similarly, payment cards with inbuilt fingerprint ID were rolled out in the past by Mastercard and Visa.
It is a convenient alternative to PINs and passwords. When a simple tap is enough, who wants to spend time typing in a long string of letters, numbers, and characters? But there is a cost attached to this convenience. A study by Kraken Security Labs demonstrated how a fingerprint scanner could be hacked by taking a photo of the target’s fingerprint. However, technology can evolve to tackle such issues.
To spot a fake one, fingerprint sensors employ static analysis, dynamic analysis, and AI-enhanced recognition that consider various biometric identification parameters, such as skin flexibility, sweat pores, and blood flow detection to reduce the chances of fingerprint spoofing.
Recently, Mastercard rolled out a “smile to pay” system designed to provide customers with facial recognition-based payments. The solution will connect a number of third-party biometric authentication systems with Mastercard’s payment infrastructure.
Facial recognition is one of the most convenient biometric modalities. Financial services providers use facial recognition technology to authenticate their users in real-time, while fraudsters face increasing challenges with multi-factor authentication.
But technology comes with a high risk of impersonation. There is the easy availability of facial images of a given person on the internet. A hacker may attempt to utilise a “spoof” image of the person they’re impersonating. This is why it’s critical to use anti-spoofing tools. To that end, facial liveness detection is a potential solution. It uses computer vision technology to detect if the person is in front of the camera, live and real, instead of a fake video or a picture.
Voice recognition technology
Vocal biometrics technology recognises a person’s voice characteristics and speech patterns for authentication. This is feasible because each person’s vocal apparatus has distinct phonetic and morphological characteristics. The usage has gone beyond just asking for the account details. For example, Garanti Bank in Turkey launched the Mobile Interactive Assistant (MIA), a voice-based assistant, that allows clients to conduct financial activities. MIA provides answers to questions regarding recent account activity, facilitates transfers, allows users to buy or sell foreign currency, and provides exchange rate information. All of this without typing a single letter on the phone.
However, challenges exist. Chinese tech giant Baidu developed a new AI algorithm to create a deepfake of someone’s voice. With the help of ML software, Hackers impersonated a CEO and ordered colleagues to wire hundreds of thousands of dollars to a fraudulent account. Additionally, as per a team of academics from the University of Eastern Finland, voice biometrics are subject to spoofing attacks through speech synthesis, voice conversion, and replay attacks. Introducing screening protocols, sending alerts if anything appears to deviate from customers’ typical past patterns, and filtering techniques to differentiate between real and fake voices need to be considered.
Digital signatures are now an important aspect of the banking sector’s digitisation plan to facilitate online transactions. They have been increasingly secure over time as more information has been added to the key and other forms of encryption have been used. In addition, advanced electronic signatures have introduced an extra layer of security by allowing users to control the private key and detecting when data has been tampered with.
Look on the other side, one of the renowned e-signature companies for official documents, DocuSign, was hacked. It was used by 12 of the top 15 US financial services companies and many real estate agents to give a glimpse.
The biometric technology enables customers to log in with their faces and authenticate transactions or payments by looking at the camera, making it easy. Moreover, the technology is seen positively by 74 per cent of consumers worldwide, and the market for contactless biometrics technology is expected to reach $18.6 billion by 2026, thus a ripe ground to play on.
If you liked reading this, you might like our other stories