The main challenge for financial institutions when it comes to shielding their operations from cybercriminals is striking a balance between convenience and security without disrupting the user experience.
The key to authentication is incorporating technologies that ensure the person at the other end of the transaction is who they say they are, and doing so with the least possible friction, according to a panel of experts during the webinar “Fraud prevention: How to rob a bank in 2022,” organized by iupana.
“Entities face a ‘trilemma’, if I can use the word; that combination of usability, efficiency and security. How we balance these three factors so that the person can access resources easily, quickly, without too many problems, without costing us a lot of money, and providing everything with a level of security,” said Christian Moreno, specialist in biometrics and fraud for Latin America at Nuance Communications.
“Like it or not, there’s a trade-off between safety and convenience. Something very safe is uncomfortable and something comfortable, it’s probably traditionally been unsafe,” he said.
To strike a balance between these elements, the speakers at the event recommended a combination of technological factors: voice or facial biometrics, ethical hacking, artificial intelligence, and perhaps most importantly, communication with the client, since the human factor is still fundamental for preventing attacks.
“Having passive authentication such as voice biometrics means that I don’t need to interact with the client; but I, as an institution, have all the possible solutions or alternatives needed to be able to collect this information and it will allow me to improve this customer experience,” said Cinthia Lévaro, an authentication and fraud expert for Latin America and the Caribbean at Mastercard Data & Services.
“And I would add the communication factor. It’s important to communicate to customers that we are evolving as institutions, that we’re protecting them and that we’re taking care of that customer experience,” she added.
This is essential because, as a result of the increase in the use of digital financial channels during the pandemic, security violations have also grown. Digital financial fraud attempts rose by 24% globally in 2021, according to a study by TransUnion, an economic and financial information solutions company.
In Latin America, the picture is equally critical; Colombia saw a 243% increase in fraud cases, with identity theft the most common method.
Mexico, meanwhile, ended 2021 with an increase of 52% in cases of digital financial fraud, according to Condusef, a government agency for protecting users of financial services.
Types of fraud
The experts described three sorts of criminals that target financial institutions. There are professional criminal organizations, which work 24/7, have their own technology and are a step ahead of banks and other entities.
Then there are the opportunists, who have access to certain information. And finally, there are the people closer to the customers who gain access to their data.
Antonio Ramos, a professional hacker and an expert in social engineering and SIM swapping, said that while fraud methods have been perfected and updated, in essence they are unchanged from 20 years ago.
“All the attacks started 20 or 25 years ago and are still in use, whether it’s phishing, spear phishing or SIM swapping. The crime is committed using the same sort of enhanced digital scams that in many cases get around the cybersecurity measures that we implement in companies,” he says. It’s important to know these methods in order to tackle the problem.
Phishing consists of sending emails or SMS messages with external links that seek to obtain confidential customer data. These messages work because the recipient is made to believe it’s their bank that’s requesting a piece of data, reporting a product cancellation or a problem with their account.
SIM swapping, on the other hand, aims to steal a person’s identity using their SIM card, duplicating their phone number in order to access their bank account and steal their money. Faced with this type of fraud, it’s clear that mechanisms such as SMS messages for two-step authentication are starting to become obsolete.
“Identity theft doubled between 2019 and 2020 and also in 2021. There are countless websites where you can check whether a password has been compromised, has been stolen. Then we started to see new concepts such as synthetic identity fraud with credit cards, which has also been skyrocketing,” says Moreno.
Moreno, from Nuance Communications, said biometrics usage has increased 48% from last year. And he said that the combination of biometric and contextual factors is what really gives security to operations.
It’s clear that fraud is not going to disappear and, therefore, banks should control their level of risk. To do that, it’s important to identify the vulnerabilities in the bank-customer interaction that allow cyberattacks, and how to prevent them.