Security

Intelligent Authentication: What Is It, and How Can It Help Financial Institutions?

Financial fraud is on the rise. How can emerging AI-driven authentication tools help banks break the cycle?

Erin Thor is Regional Sales Manager, Financial Services Enterprise, for CDW

Matt Kiesler is a Regional Sales Manager at CDW.

Fraud isn’t a new problem in banking, but it is on the rise. From 2015 to 2018, more than half of banks reported an uptick in external fraud volume and value, with most issues tied to identity theft. What’s more, as noted by the Insurance Information Institute, recent years have seen a massive increase in identity theft attacks: In 2020, the FTC received 4.8 million fraud and identity theft reports. This marks a 45 percent rise from 2019 numbers, driven in large part by the 113 percent increase in identity theft.

As a result, it’s clear that banks and other financial institutions need new ways to shore up security and ensure that only authorized users have access to client and corporate financial data. A class of emerging artificial intelligence-driven technologies related to user authentication can help.

Biometrics Drive Intelligent Authentication for Banks

Intelligent authentication offers a new way for banks to build out effective fraud protection. Instead of verifying users based on familiar — but easily compromised — access conditions such as usernames, passwords and even one-time text tokens, intelligent authentication relies on biometric or behavioral frameworks to help reduce the risk of fraud.

As noted by Finextra, some of the world’s biggest banks are already investing in biometric technologies; KPMG reports that two-thirds of “legacy” financial institutions are prioritizing the shift to voice, fingerprint and facial recognition tools. This aligns with consumer security sentiment: 61 percent of survey respondents say that biometric solutions are at least as secure as traditional passwords.

Along with technologies capable of recognizing fingerprints and facial features, firms are also developing behavioral tools that allow authentication based on conditions such as where or when users typically log in, what they usually do and even how they hold their devices.

Going Beyond Identity and Access Management

Identity and access management (IAM) tools are now table stakes for financial institutions. To protect client data and ensure the right people have access to the right services at the right time, robust IAM is critical.

But IAM also comes with challenges for financial security. While many solutions have moved beyond username/password gateways to include two-factor authentication, these SMS or token-based alternatives are still subject to potential compromise if attackers can carry out eavesdropping attacks or gain physical access to user tokens.

IAM also presents the problem of overly permissive access. For example, once clients or staff have been verified, there’s often no further control, in turn making it possible for users to access systems or services that are beyond the scope of their immediate needs.

This predicates the shift to privileged access management solutions that use a zero-trust model to authenticate users. Instead of assuming user identify based on limited permissions evaluation, zero-trust models require robust verification through biometric or behavioral assessments, and then only provide access to role-based services. For example, while authenticated clients using web portals could gain access to basic account information, access to privileged functions such as large-volume currency transfers or investment purchasing could be gated by additional layers of intelligent authentication.

Implementing Intelligent Authentication

While more security is tied to better overall protection for banks and clients, simply adding new services without consideration for existing environments can increase overall complexity and reduce security in situ. As a result, banks must consider three factors for effective authentication:

Is current infrastructure capable of handling the requirements of biometric or behavioral solutions such as storage capacity, bandwidth and resource availability?
How will new intelligent authentication solutions interconnect and interact with existing systems, especially those tied to legacy mainframe solutions?
What does implementation look like in practice? Here, banks often benefit from expert third-party assistance to vet potential solutions and determine the best deployment strategy.

Implemented at scale and backed by zero-trust solutions, intelligent authentication can help financial firms reduce fraud, streamline access and improve customer satisfaction.

This article is part of BizTech's EquITy blog series. Please join the discussion on Twitter by using the #FinanceTech hashtag.