How Challenger Banks Can Fight Rising Fraud
Digital banks are rapidly rising in popularity for a number of reasons, including the convenience of banking anywhere, anytime and the agility of international multi-currency transactions. However, these ready-access banking services make challenger banks an attractive target for cybercriminals.
The ability to quickly create new accounts and easily transfer money results in a favorable environment for fraud. Attackers trick customers into approving transfers to fraudulent accounts, a financial scam known as authorized push payment (APP) fraud. As banking embraces more mobile apps and online services, APP fraud is growing with losses predicted to hit $6.8 billion by 2027.
The Struggle to Balance Innovation and Security
Revolut, a digital-only financial institution with more than 45 million customers worldwide, recently made headlines for large numbers of APP fraud reports. They are one of many financial institutions dealing with attackers who are continually looking for ways to bypass or disable authentication security measures. This constant state of attack makes it difficult to balance security that keeps pace with growing cybercriminal activity while also keeping up with the demand for innovative digital services and competitive customer experiences.
For challenger banks like Revolut, many of the controls that help to fortify security in traditional banks are inherently absent. Without physical bank locations, there are no in-person account setup processes, face-to-face transactions or defined geographic parameters. Additionally, digital banking involves high volumes of API connections to integrate third-party capabilities and data stores. Protecting access to customer data and assets in this business model requires advanced identity and access management (IAM) tactics that draw from the latest authentication best practices.
CIAM Designed for Future Trends and Threats
The evolving nature of digital-only banks, cyber threats and security regulations means these financial institutions must always focus on what’s next. Business leaders, cybersecurity and identity and access management teams are constantly scanning the horizon for the next attack trend, the next customer expectation, the next legal mandate and the next competitive advantage. Establishing authentication capabilities and practices with these moving targets can be challenging.
For challenger banks, authentication and identity and access management can’t be a point-in-time solution. It must be adaptable to future threats and stressors in addition to handling today’s business demands and attacks. Digital banks need nimble, flexible identity and access management designed specifically for the unique security and usability demands they face.
Some of the characteristics of an effective identity and access management solution for digital banking are:
Token-based Architecture
Zero-trust architectures, enabled by token-based authentication, help ensure that only the right people have access to data and services. Using tokens instead of raw data provides several critical advantages. It makes it more difficult for threat actors to exfiltrate information or perform cross-site scripting attacks. It also keeps valuable identity data out of browsers and facilitates mobile, browser-less authentication.
Adaptive Authentication
Multiple authentication methods, like biometrics, passkeys and SMS authentication, are important capabilities. They become even more valuable when combined with contextual clues that can trigger additional layers of authentication. For example, if someone is trying to log in from an unusual location, or the transaction amount is particularly high, requiring another authentication step could help prevent nefarious activity.
Customer Journey Orchestration
The ability to customize carefully planned customer experiences from login to ongoing access to services and data is not only key to inspiring customer loyalty, but also critical to security. An identity and access management solution that offers the flexibility and control to create finely tuned customer journeys supports the complexities of digital banking.
FAPI-Certified
Financial institutions, particularly those with digital banking services, should look for IAM solutions that are certified to the OpenID Financial-grade API (FAPI) cybersecurity profile. In some regions, this is a mandatory requirement. FAPI-certified solutions follow best practices to protect APIs against cyber threats in high stakes environments like digital banking.
Simple Development Tools
Digital banking organizations must stay at the cutting edge of innovation to continue delivering competitive experiences. This means that there is often pressure to launch new digital services, apps and features quickly. IAM solutions that have cumbersome interfaces or are complicated to program can delay time-to-market for new products and features. The complexity can also make it easy to overlook security vulnerabilities. The result is slower business growth and potential security gaps. Identity platforms that offer simple, easy-to-use developer tools and resources can dramatically improve market competitiveness and strengthen security.
Extensibility
Challenger banks often have large numbers of APIs and must integrate with a range of third party entities. An IAM solution with ready-to-deploy SDKs for many systems and solutions can help digital banks rapidly establish and easily manage integrations. Not only does this reduce developer team workload, it also makes it easier to ensure the right security measures are in place across the ecosystem.
Scalability
Digital banks are growing at an unprecedented rate. Without the limitations of physical locations, their customer reach is expansive. Scalability is a fundamental requirement for IAM platforms in challenger bank environments. The right IAM solution will be able to easily handle identity management and authentication for high volumes of users, APIs and applications.
Identity Management for Stronger Digital Banking Security
As APP and other forms of financial fraud continue to grow, challenger banks must stay focused on discovering potential authentication and identity management vulnerabilities so they can continue to harden their security practices. Defending against cybercrime requires more than patching technology vulnerabilities; it requires anticipating human behaviors that bypass security tactics. A bank may not be able to control a cybercriminal skilled at misleading customers into fraudulent transactions, but with the right IAM technology and protocols, a bank can have authentication measures in place that create additional layers of security. Plus, an IAM platform that is designed for flexibility and growth can be adapted to address business trends and security threats now and well into the future.