Ross Shamenski, General Counsel and Chief Privacy Officer at NuData Security
Earlier this month the United States Federal Reserve System issued a recommendation for proposed rulemaking regarding potential cybersecurity risk-management and resilience standards. Core to the Federal Reserve’s strategies for improving the U.S. Payment System is the safety and security of faster payments solutions, and these recommendations are in the spirit of promoting healthy banking practices for large banks.
It is certainly true that the risk for large organisations, their customers, and the domestic, if not global, banking system could be enormous should there be a significant cyber-attack with loss of service or records.
The 2016 Identity Fraud Study, released by Javelin Strategy & Research, found that $15 billion was stolen from 13.1 million U.S. consumers in 2015, compared with $16 billion and 12.7 million victims a year earlier. In the past six years identity thieves have stolen $112 billion.
Among the points addressed in the proposed standards is the need for more stringent cybersecurity requirements for third-party service providers as well as nonbank financial companies, such as payments processors, that are supervised by federal regulators.
Data breaches and cyber-crime continue to become more prevalent, with over a billion accounts breached last year. This is hitting the FI space hard. The ability to deliver the convenience and increased functionality of faster payments and, at the same time, balance the complex and constantly evolving fraud mitigation strategies is of key concern.
It seems likely, should any new regulations be forthcoming, that the costs of compliance would be borne solely by the banks. That burden is hardly completely fair, given that at least some of the responsibility for security is attributed to the reluctance of many consumers to take even the most basic precautions, even when repeatedly encouraged to do so. This in itself is hardly surprising, because most customers can’t be expected to be security experts and want a frictionless experience when dealing with their bank. The current tension between these two points of view leaves a widening opportunity for fraud to continue, and leaves regulators motivated to take action.
For online and mobile environments, FIs and merchants are focused on having continuous visibility into digital identities across the account lifecycle to positively identify good users and detect a) automation/non-human behaviour, b) coordinated activity (fraud groups/botnets), and c) anomalous account creation or anomalous transactions.
However, in order to comply with cyber risk regulations, some “solutions” will often add more friction into the authentication stream, irritating customers and providing marginal results.
However, other solutions are available that can comply and address this issue silently and effectively. Passive behavioural biometrics is an effective answer for banks that want to balance customer satisfaction against security and maintain trust at all times. Typically, regulations burden banks with even heavier demands to meet their compliance targets; here, solutions that analyse customer behaviour and provide accurate identity confidence even prior to a transaction can provide real value to the discussion. By constantly monitoring and assessing customer behaviour, financial institutions already have at their disposal tools that can accurately determine who the customer is with a near-perfect confidence rate.
Widespread adoption of these methods would result in a dramatic decrease in cybercrime.
Recently, NuData allied with Early Warning, an industry leader in real-time payments, authentication and risk mitigation, to provide an even greater level of authentication confidence to payments. With tough federal cybersecurity standards like these for big banks coming in, cybersecurity needs to take a front seat. This alliance is a key means to address this. Cybersecurity is a chief concern of this alliance, which aims to prioritise fraud mitigation for all financial providers.
Recently, we have seen biometrics companies ally with companies specialising in real-time payments, authentication and risk mitigation, to provide an even greater level of authentication confidence to payments. With tough federal cybersecurity standards like these for big banks coming in, cybersecurity needs to take a front seat. Alliances like this are key to addressing these issues. Cybersecurity is a chief concern, and alliances such as these aim to prioritise fraud mitigation for all financial providers.