One in Four Banks Find it Difficult to Verify the Identity of Online Banking Customers

According to the Kaspersky Lab’s Financial Institutions survey, one in every four banks finds it difficult to verify the online banking customer identity. Thus customers are becoming victim to financial frauds online.

With the rise of online and mobile banking, customers are not only becoming victims of financial fraud, but also a major entry point for attacks on banks’ digital channels. According to the research, in 2016, 30% of banks have had security incidents affecting banking services delivered via the Internet — with phishing against customers, and using customer credentials for fraudulent activities, as the top contributing factor leading to the attacks.

Banks find themselves in need of security technologies that do not undermine the customer experience: 38% of the organizations surveyed confirm that balancing prevention techniques and customer convenience is one of their specific concerns.

“While thinking of different approaches to secure digital and mobile channels, banks naturally avoid putting too much pressure on customers. Online banking should preserve its main benefits: as a convenient way of making financial transactions in seconds. That is why we are working on technologies that help to protect both banks and their customers without adding an extra security routine to the user’s experience.” said Alexander Ermakovich, Head of Fraud Prevention at Kaspersky Lab.

In addition to two-factor authentication and other security procedures used by banks, Kaspersky Lab recommends implementing dedicated solutions that can help to identify whether a person is authorized, without requiring additional actions from the user. The Kaspersky Fraud Prevention platform accumulates and analyzes user behavior, device, environment and session information as anonymized and depersonalized big data in the cloud. Risk Based Authentication (RBA) assesses possible risks before a user’s login, while Continuous Session Anomaly Detection identifies account takeover, money laundering, automated tools or any suspicious processes during the session.

As a result, the platform provides protection not only at the stage of login, but also during the session itself, while customers do not have extra authorization stages to pass through.