Financial institutions (FIs) can be thought of as the gatekeepers in online commerce.
In today’s environment of rising fraud, criminals are using advanced technologies to impersonate legitimate consumers. Yet, FIs continue to rely on rules-based systems to authenticate account holders, using old-school static information (passwords and security questions) to assess the risk of a transaction.
Entersekt Chief Technology Officer Gerhard Oosthuizen told PYMNTS that new approaches to authentication are warranted, balancing security concerns with a frictionless experience.
“When looking at risk-based authentication, people have traditionally looked at it as a ‘yes or no’ decision,” Oosthuizen said.
The binary consideration boils down to approving a transaction or declining it. In always-on, ever-faster online commerce, however, the window surrounding that decision grows ever shorter. As Oosthuizen said, it all must happen in real time — in milliseconds — but all too often the information available on which to base those decisions is limited or flawed. That means good transactions are denied, or fraudsters slip by the bank’s defenses.
“Ultimately, the goal is to create an optimal experience and use the signals and the information available to let the ‘right guy’ in,” Oosthuizen told PYMNTS. “If you get it wrong, you lose that client, they stop using the product, or they stop using your card if they’ve had a bad experience.”
“Contextual awareness” of a consumer and a transaction is key, using different signals to determine whether a transaction should be approved or denied — or if additional, step-up authentication is warranted, he said. Therefore, to avoid declining a potentially legitimate customer, the system may reach out to that customer to collect additional signals to help make a more accurate decision. The type of challenge is also adaptive, focused on creating minimum friction while mitigating the potential fraud vector identified.
“We can use technology to capture more signals to find out whether an individual is transacting on a mobile phone or another device and whether that device has only been recently used,” he said. “Advanced signals can also be tapped in real time to construct the historic view of a customer, including whether they’ve transacted with a merchant before, where the goods are being shipped, if they are using familiar email addresses and banks, and how the information is being entered into a device.”
Entersekt’s Authentication Advisor solution, housed within the firm’s platform, uses device-level signals and data to help FIs make those split-second decisions about transactions. This new solution is designed to help FIs, including banks, credit unions and payment services providers (PSPs), combat financial fraud attacks by using contextual data and intelligent risk signals — while simultaneously improving the customer experience.
The Authentication Advisor is live in North American and South African markets, with additional releases to follow.
The Authentication Advisor combines the best of risk-based authentication and contextual awareness to create a single, more advanced software-as-a-service solution to help FIs, PSPs and their customers stay protected from current and emerging banking and payment card fraud threats.
The key differentiator lies in its ability to use comprehensive, cross-channel intelligence to build detailed user profiles and detect even the smallest anomalies. By collecting and correlating live signals from multiple touchpoints across multiple channels, including login, banking transactions, card-not-present commerce and other digital activities, the system can identify patterns and behaviors in real time that may indicate fraudulent activity.
“The layered approach to collecting and synthesizing data helps bypass some of the more inventive ways fraudsters are using to elude detection,” Oosthuizen said.
Relying on device fingerprinting alone is not foolproof, he said. Criminals have been able to impersonate devices by replaying the same device signals they collected from the actual customer’s browser. To address that vulnerability, cryptographic proof linked to the device is one of the advanced signals that FIs can trust, and it is seamless to customers.
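The replay weakness and the device-bound proof described above, shown as an added example that is not Entersekt's code and not part of the original article. The class names, signal fields and transaction string are constructed, and HMAC with a per-device secret stands in for the hardware-backed asymmetric key a real deployment would use.

```python
import hashlib, hmac, json, secrets

def fingerprint(signals):
    # Static fingerprint: a hash over collected browser/device signals.
    return hashlib.sha256(json.dumps(signals, sort_keys=True).encode()).hexdigest()

def mac(key, nonce, txn):
    # Proof bound to a fresh nonce and to the transaction details.
    return hmac.new(key, nonce + txn.encode(), hashlib.sha256).digest()

class Device:
    """Enrolled device. Assumption: HMAC with a per-device secret stands in for
    a hardware-backed asymmetric key that never leaves the device."""
    def __init__(self, signals):
        self.signals, self._key = signals, secrets.token_bytes(32)
    def enrol(self):
        return fingerprint(self.signals), self._key
    def prove(self, nonce, txn):
        return mac(self._key, nonce, txn)

class Issuer:
    def __init__(self, enrolled_fp, key):
        self.fp, self.key, self.pending = enrolled_fp, key, set()
    def fingerprint_only(self, signals):
        return hmac.compare_digest(fingerprint(signals), self.fp)
    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce
    def verify(self, signals, nonce, txn, proof):
        if nonce not in self.pending:      # unknown or already-used challenge
            return False
        self.pending.discard(nonce)        # each challenge is single use
        return (self.fingerprint_only(signals)
                and hmac.compare_digest(mac(self.key, nonce, txn), proof))

def demo():
    signals = {"ua": "ExampleBrowser/1.0", "tz": "UTC+2", "screen": "1170x2532"}  # constructed
    device = Device(signals)
    issuer = Issuer(*device.enrol())
    txn = "merchant=example-store;amount=120.00"   # constructed
    n1 = issuer.challenge()
    proof = device.prove(n1, txn)
    copied = dict(signals)                 # same signals presented from another machine
    return {
        "genuine_accepted": issuer.verify(signals, n1, txn, proof),
        "replayed_fingerprint_matches": issuer.fingerprint_only(copied),
        "old_proof_on_new_challenge": issuer.verify(copied, issuer.challenge(), txn, proof),
        "used_challenge_again": issuer.verify(copied, n1, txn, proof),
    }
```

The copied signals still match the enrolled fingerprint, but without the device key neither a previously captured proof nor a reused challenge verifies.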
Delving into the mechanics of the Entersekt offering itself, Oosthuizen said the firm uses a consortium approach to inspect data across FIs. The Authentication Advisor performs transaction analysis across six phases, offering FIs capabilities to collect a broad range of signals and enrich them with bank-stored details such as card information, email addresses and historical transactional context. The granularity extends to whether a customer has ever shopped with a merchant category code, whether they’ve traditionally used iOS or Android devices, and even the average dollar amount of their past several transactions. The result is a risk-assessed decision with advice that takes the individual’s profile into account.
“All of this happens seamlessly in the background for every transaction,” Oosthuizen said.
The primary benefit is fewer false declines and less checkout abandonment and, by extension for the banks, more customers who will opt to use an issuer’s card because the outcome with that card is more predictable.
“That’s why we’ve called it the Authentication Advisor, to help guide the banks and the merchants toward offering a more secure, yet improved, customer experience,” Oosthuizen said.