As we continue to transfer more and more of our daily routines and activities online, the security risks are inevitably rising. Fraud involving highly sensitive payment details is a frightening prospect for the everyday consumer and according to fraud prevention agency Cifas, this particular form of crime is on the rise.
One of their recent reports found that the number of victims of identity theft rose by 31% to 32,058 in the first three months of 2015, compared to the same period in 2014 – with criminals increasingly using internet forums to buy and sell data.
Clamping down on payments technology and implementing increasingly tight security controls may seem the obvious approach for banks in the face of this growing issue, however financial institutions are facing a complex juggling act between protecting consumer data and providing the simple, easy-to-use service that today’s customers demand.
The explosion of new payment providers offering innovative and faster services is proof of the value consumers place on convenience when it comes to making online payments. The subsequent competition in the marketplace has led to payment providers, established technology companies and challenger brands alike competing to reduce the barriers to entry for consumers. The ultimate goal is to achieve a ‘one click’ or even a ‘zero click’ process for users to authorise payments. However, as many of these payments providers operate outside the normal avenues of finance, this brings further concerns for consumer security.
Traditional banks are keen to support access to digital payments and online or mobile banking, all the while keeping their customers safe. As such, many have introduced security tools such as card readers to enforce two-factor verification. However, forcing consumers to carry around supplementary technology components contradicts the purpose of using smart devices for easy access to payments and banking and reduces the benefits of speed, flexibility and simplicity that these services should offer.
Security for today’s payments landscape
Faced with this dilemma, many payments firms and banks have recently looked to biometric authentication to help navigate the line between security and usability. Thanks to the introduction of fingerprint scanning in a number of mobile devices, including Apple iPhones, biometric technology has recently moved into the consumer conscience. This is an example of static biometrics, which is typically based on a user’s physical attributes.
With static biometrics, authentication is generally carried out at point of entry – the moment that a user connects to a service, whether on a PC or a mobile device. The main concern with this form of authentication on its own, is that it does not account for the user during a session.
Behavioural biometrics has stepped in as an additional layer in the authentication process. This technology takes into account details such as the way in which a person interacts with a device, the force with which they hit a key, the angle they use to swipe a touchscreen, or their typing speed.
Unlike traditional security techniques, such as passwords, or card readers, which require customers to pass through a series of stages in order to complete a payment or online banking service, behavioural biometrics answers consumers’ desire for minimal disruption, in that it does not require anything of the consumer that is outside of whatever it is they’re doing already in that particular session – whether making a payment, or checking their bank balance. Authentication sits in the background of a website or app and as it is based on how users act, rather than what they know, it is not called out as an explicit security step. Instead the user is continuously assessed to ensure they are who they say they are – not just at point of log-in, but throughout the entire process.
Behavioral biometrics is ideally suited to mobile payments thanks to the variety of sensors that are available on these devices, providing a rich set of biometric data. Users will brace stronger authentication if it is simple to use, and time efficient. This is particularly true on a mobile device, where the user may be swapping in and out of apps. Moreover, when banking on their mobiles, people are often on the go, and generally hoping to complete the function as quickly as possible- they don’t want to spend 45 seconds of a 60 second session getting through security barriers.
In the Nordics where behavioural biometrics has experienced wide penetration in the banking industry, online banking has risen from twice a month to 15 to 16 times a month on average in recent months. This suggests offering a smooth authentication process can play a part in impacting user behavior. Nonetheless, a bank’s security offering is never going to drive customers to switch banking providers. The industry has to focus on the overall customer experience to drive loyalty – and creating a seamless process for digital engagement with the bank is a key part of this.
Contradictory consumer demands
The complex task of providing consumers with the ease of use they desire, while implementing the level of security they need does not stop there. Security experts are also forced to navigate consumers’ perception of security. While banks and payments operators are working towards the nirvana of truly frictionless, yet secure banking and payments, there are instances when we as consumers want – or at least expect – to have our user experience disrupted.
The key is for the level of security disruption to equate to the service which we are trying to access – if the risk at stake is higher, the security barriers should match this. However, we should not be faced with multiple barriers when a smooth, simple solution would be just as effective and preferable. When it comes to making payments from our smart devices, we want rigorous security that offers us flexibility with minimum interruption.
As the payments landscape continues to evolve, the security space is going to be forced to keep pace with it. It’s an exciting time for both industries and we’re going to see a lot more fast-paced developments emerging from the biometrics space, as technology giants and banks alike look to improve both the user experience and security associated with this lucrative market. Ultimately, consumers rule when it comes to technology developments and it’s up to security and payments experts to navigate their complex and often contradictory demands.
Neil Costigan, CEO BehavioSec