Behavioral Analytics Fights eCommerce Fraud and Friction in Real Time

The pandemic has significantly changed consumer behavior and preferences, pushing banks to upgrade their processes to meet these shifting demands.

Schalk Nolte, CEO at authentication firm Entersekt, told PYMNTS in an interview that pre- and post-pandemic, there has been a distinct shift towards consumers transacting online more often, requiring banks to ensure they take care of those who previously did not transact online.

In the retail space, for example, the boom in eCommerce sales has led to a spike in fraud, forcing financial institutions to implement innovative solutions and adopt extra authentication methods to minimize the increasing credit card and debit card fraud threats.

Capitec Bank, one of the largest retail banks in South Africa, has recently partnered with Entersekt in a deal that will involve implementing the firm’s latest solution.

Related news: Entersekt, Capitec Team to Improve eCommerce Security

According to Nolte, the solution, which leverages behavioral analytics from Mastercard company NuData Security, boosts the security of eCommerce payments in real time, while creating a differentiated, frictionless eCommerce experience for cardholders.

“Depending on what you do, where you’re coming from, how you hold the device or how you click your mouse, all of which are behavioral, we can determine the best authentication for a specific transaction in real time and ensure that there is a balance between [digital] security and user experience,” Nolte explained, adding that he sees context-aware authentication as the future of authentication.

Read more: Bonifii and Entersekt Offer Biometric Context-Aware Authentication for Credit Unions

Despite the buzz around convenience and the need to simplify processes to the bare minimum effort, Nolte said that many customers do prioritize digital safety over convenience, but also find it empowering to play an active role in authenticating their payments.

That empowerment builds trust, he said, and can ultimately translate into a huge increase in transaction volumes as consumers grow to expect and trust authentication experiences. He pointed to that as a key benefit in making customers part of the authentication journey.

“Nobody knows more than you or better than you whether a transaction is legitimate or not, so the best person to involve in deciding whether [a payment is fraudulent] or not is [the individual],” he said.

Fraud Is Here to Stay

According to Nolte, fraud will always be very lucrative, which is why old forms of cyberattacks like phishing are still around today and will continue to exist in the years to come.

He said that fraud is like energy, in that it can never go away. Rather, it just changes form.

And even as old forms of attack linger on, newer ones such as social engineering are emerging across markets as criminals attempt to trick end users into sharing confidential or personal information, entering a one-time password (OTP) or authenticating transaction for fraudulent purposes.

See also: Zero Trust, Mobile Banking and the Age of Continuous Authentication

That is where context-aware authentication comes in as a safety net, Nolte noted. The process involves performing a real-time analysis of the context — such as identity, type of device or geolocation — to accurately determine the identity of the user and inform the appropriate security decisions.

This can remove friction from the authentication process, which means banks no longer have to make the difficult tradeoff between great user experiences and strong security.

The behavioral analytics that NuData Security provides also helps Entersekt identify devices that have been flagged for fraud at a different bank, making it easier for different institutions to work together to combat fraud, he said.

Looking ahead, he said fast identity online (FIDO) authentication, which helps to reduce reliance on passwords, will play a key role in combating front-door attacks and ensuring greater email security, both of which can minimize social engineering.

“From FIDO and behavioral and contextual awareness or a combination of all of these things, there’s a lot of momentum [in the cybersecurity space] that will assist the industry in [keeping up with the times].”