Financial Fraud Executives Adopting Behavioral Biometrics to Counter Scam Attacks
By Roy Urrico
Finopotamus aims to highlight white papers, surveys and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.
Digital acceleration created a surge in online use in recent years, resulting in a significantly expanded attack surface for fraudsters to exploit. LexisNexis Risk Solutions’ newly published white paper, Multifaceted Fraud Attacks: Behavioral Biometrics as a Defensive Tool, produced by Aite-Novarica, recommends behavioral biometrics to help organizations, including credit unions and other financial institutions, address fraud and authentication challenges.
Cybercriminals leverage a variety of attack vectors, such as creating and using synthetic identities, perpetuating new account frauds, and scamming consumers through impersonation, and assorted scams and cons. Most of these attacks, according to the white paper, are committed online or through mobile devices.
The white paper supports fraud prevention teams engaging behavioral biometrics to gather additional clues to evaluate each transaction and defend against the range of relevant attack vectors. Behavioral biometrics analyze how a person interacts with devices, including attributes such as the phone or tablet angle it is held, the pressure applied to screens, surface swipes, directional motions, typing rhythms and other keyboard patterns.
"Fraud executives are deeply concerned about increasing fraud attacks and the effect it has on consumers and their organization's reputation when losses occur," said Stephen Topliss, vice president, fraud and identity strategy, LexisNexis Risk Solutions. "Businesses need the most multi-dimensional view available of an identity to make high-quality decisions. Behavioral biometrics allows businesses to provide an optimal customer experience by passively authenticating them and only inserting additional steps into their journey if there is a higher risk."
Scams Drive Fraud
“Scams have become a challenge across all industries. We used to hear about things like romance scams and get rich scams, but now fraudsters have evolved,” Kimberly Sutherland, vice president, fraud and identity, LexisNexis Risk Solutions, told Finopotamus.
Findings in the white paper reveal 48% of fraud executives ranked consumer scam attacks among their top concerns in 2022. Financial executives' most common fraud concerns include losses occurred through application fraud that center on bad checks, mule activity and synthetic identities.
The white paper explained that most people use peer-to-peer (P2P) payment platforms more frequently. However, a consumer survey in the study reveals that 10% of U.S. respondents now use the services less often, along with 9% of United Kingdom (U.K.) consumers and 7% in Singapore. Of consumers who reduced use of P2P services, a significant proportion of consumers in the U.S. (43%), U.K. (46%) and Singapore (35%) changed their behavior due to fraud concerns.
How Behavioral Biometrics Works
Behavioral biometrics operate in the background without adding friction to the consumer's journey, explained Sutherland. This methodology creates a unique profile that can help authenticate genuine user interactions and flag bad actors and sessions where legitimate users may be acting under a bad actor's direction.
An increasing number of organizations have begun implementing behavioral biometrics in fraud operations, according to the white paper. Fraud executives in North America rank satisfaction with behavioral biometric solutions as second only to the risk engines they use.
Mortensen added, "The capability is attractive as it authenticates users on a passive basis, in the background, and requires no active intervention by the customer beyond their normal use of the app or website."
Sutherland proposed behavioral biometric technology is effective against many aspects of fraud, “even scams, which is one of the highest reported fraud attack vectors right now.” The technology can look at hesitancy activity, if somebody look like they are changing their behavior or are being coached. Those types of patterns start to emerge in scam activity.”
“At new account opening, we often run into situations of is it a human or a bot or is it a fraudster,” she added. “Then with account takeover, that's where behavioral biometrics used in combination with other authentication factors, can identify someone impersonating the actual accountholder.” Behavioral biometrics are just looking for a difference, explained Sutherland.
Taking Advantage of Old Habits
Behavioral biometrics take advantage of consumer predictability, Sutherland offered. “I think humans in general are way more predictable than we think we are. We all have certain patterns in how we interact, how we hold our device, how much pressure we place on the screen, how we swipe, how we use our mouse, how we use our keyboard, all those things, become part of our digital signature,” she said.
“It's really exciting,” Sutherland continued. “The ability to measure uniquely distinct patterns and human behavior has really evolved. It adds such an important layer to fraud prevention. Our surveys of fraud professionals are very focused on trying to increase security without negatively impacting the customer experience at all aspects of that account relationship. Behavioral biometrics has a great place for that because of its ability to detect those patterns as well and not impact the experience.”
Sutherland further explained, behavior biometrics work in conjunction with already deployed perimeter security that detect risk indicators around the device and certain internet protocol (IP) addresses.
She added behavioral biometrics can also detect whether the individual acts like a bot. “Is it a non-human that is actually doing the interactions? Now we are able to go even further and say, is this really Roy? Is this the same person after we have seen them more than one time.”
Protecting Against Certain Types of Fraud
Sutherland proposed financial institutions can build a profile unique to individuals in particular use cases with behavioral biometrics solutions such as LexisNexis BehavioSec. She added, the most important aspect is that it is passive in nature so it does not increase friction.
“It becomes a layer that can be added; a workflow for any type of organization, to assess the digital transaction. it allows you to assess, a good user from a bad user, without changing the customer experience,” said Sutherland.
Protecting Financial Institutions
How can financial institutions, such as credit unions, implement behavioral biometrics? “We highly recommend that behavioral biometrics as one of several layers of protection that a financial institution should use,” advised Sutherland. “So, pairing that with device and digital assessments, and solutions like threat metrics is one that we offer. We think behavioral biometrics should be used in combination with a broader assessment of digital activity.”
In addition, a behavioral biometrics solution fits in wherever the business chooses to place it. Said Sutherland, “These are not surveillance activities that are occurring. (Behavioral biometrics) are placed in specific areas where a business wants to look at how someone is logging in or how they are making a payment request. Very specific areas that allow businesses to fine tune how they wanna use that behavioral activity associated with the device interaction.”
Sutherland noted the digital acceleration occurring at the beginning of the 2020 timeframe due to the pandemic with new users adopting mobile apps for financial transactions. “They're continuing to use those. And now it is a matter of continuing to find ways to allow users to engage in the safest manner.”
Adding solutions that are “passive in nature” that do not add friction, like behavioral biometrics, she added “is one of the “top ways” to continue the digital engagement in the most secure manner. “Consumers not only care about convenience; they definitely care about security,” she said.