Trend 3: Authenticating beyond passwords
The banking industry has long been aware of the vulnerabilities associated with certain multi-factor authentication (MFA) methods, particularly one-time passwords (OTPs). While OTPs are popular due to their simplicity and ease of implementation, they carry significant risks. These include susceptibility to phishing, SIM swapping, and message interception. Indeed, banks often have limited control over OTP delivery, as that is typically managed by mobile network operators (MNOs).
The exploitation of OTPs in fraud schemes is well-documented. Repercussions from these attacks extend beyond just financial loss. A bank’s reputation can take a hit, with an erosion of customer trust. Efforts to mitigate these risks often burden users and negatively impact their experience.
Passkeys offer a more secure and user-friendly alternative. They are resistant to phishing and other common fraud vectors, and provide enhanced protection without sacrificing user convenience. They offer a route to truly passwordless authentication.
As Akshay pointed out, “Fraudsters always leave traces.” This idea underscores the value of banks adopting AI-powered solutions to detect subtle behaviors and proactively mitigate fraud risks. Behavioral biometrics is one such approach. Banks can enhance security by mapping the unique digital signatures created by users’ interactions, such as clicks, swipes, and taps. Behavioral biometrics marries recognition technology to cutting-edge developments in AI, so that even the way you normally use your phone – portrait or landscape? right- or left-handed? – becomes a signal that can protect you from fraud, for instance when someone else accesses your phone.
Step-up authentication provides a route toward satisfying customer demand for increasingly stringent security, especially when it comes to larger transactions that require more robust measures. One way is to allow customers to authorize large payments in their banking app; once the high-value transaction is triggered within the app, the customer approves it by tapping their physical card against their phone. This enhances security without entirely slowing down the transaction process. The payment card is used as proof of possession – a hardware authenticator – and can thus be used in other use cases for step-up authentication as well, including activation of new cards, app onboarding, and the like.
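The card-tap step-up described above, modelled server-side as an added example that is not from the original article or from any bank's or vendor's implementation. The HMAC key stands in for the card's on-chip credential, and the threshold, time limit and all names are assumptions; the point shown is that the approval is bound to one specific transaction and can be used only once.

```python
import hashlib, hmac, json, secrets, time

STEP_UP_THRESHOLD = 100_000   # assumption: minor units (e.g. cents), illustrative value
CHALLENGE_TTL = 120           # assumption: seconds a challenge stays valid

def txn_digest(txn):
    # Canonical encoding so payee and amount cannot be swapped after approval.
    canonical = json.dumps([txn["id"], txn["payee"], txn["amount"]]).encode()
    return hashlib.sha256(canonical).digest()

def card_tap(card_key, challenge, txn):
    # Simulated card response; an HMAC stands in for the card's cryptogram.
    return hmac.new(card_key, challenge + txn_digest(txn), hashlib.sha256).digest()

class StepUpVerifier:
    def __init__(self, card_keys):
        self.card_keys = card_keys   # card_id -> key shared with the card (assumption)
        self.pending = {}            # challenge -> (txn digest, card_id, expiry)

    def needs_step_up(self, txn):
        return txn["amount"] >= STEP_UP_THRESHOLD

    def issue_challenge(self, txn, card_id, now=None):
        now = time.time() if now is None else now
        challenge = secrets.token_bytes(16)
        self.pending[challenge] = (txn_digest(txn), card_id, now + CHALLENGE_TTL)
        return challenge

    def verify_tap(self, txn, challenge, card_mac, now=None):
        now = time.time() if now is None else now
        # pop() makes every challenge single-use, even on a failed attempt.
        entry = self.pending.pop(challenge, None)
        if entry is None:
            return False                      # unknown or replayed challenge
        digest, card_id, expiry = entry
        if now > expiry or digest != txn_digest(txn):
            return False                      # expired, or transaction was altered
        key = self.card_keys[card_id]
        expected = hmac.new(key, challenge + digest, hashlib.sha256).digest()
        return hmac.compare_digest(expected, card_mac)
```

Unlike an OTP, a response captured for one payment is useless for another, because the payee and amount are part of what the card signs.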