The advent of tech giants, such as Facebook, Google, Twitter and Amazon, instigated a cultural shift in our world.
Operating largely on personalised engagement, they have over time conditioned society to expect the same from all our interactions, including interactions with financial institutions. These corporations have also set the pace for faster, frictionless exchanges through digital means. As a result of the coronavirus outbreak, even those who may have once been resistant to the change are having to make the transition into this domain. With social distancing measures still in place in many countries, individuals no longer have the flexibility to attend in-branch banking appointments or to shop in store.
Fraud is simply a numbers game: as more people shift to card-not-present (CNP) transactions, so too do the efforts of cybercriminals, since even a small percentage of success with CNP fraud could reap great rewards. Suddenly, individuals are exposed to multiple avenues of attack, from hijacking peer-to-peer payments to creating counterfeit accounts. What’s more, bad actors are likely to take advantage of newcomers in the digital space. Being less experienced in navigating this unfamiliar territory, they will struggle to identify the threats.
Knowing this, many are inclined to be distrustful towards the digital sphere, believing that one simply cannot achieve seamless communication without introducing increased risk. Indeed, in a recently conducted YouGov study of over 2000 banking customers across the UK, one-third believed that using digital channels puts them at a greater risk of fraud. This, however, does not necessarily have to be the case.
Omnichannel doesn’t have to mean omnichannel fraud
Over the years, banks have slowly but surely evolved towards paperless banking, depending instead on emails and text messages to communicate. Unfortunately, so has just about everyone else. With this daily bombardment of messages, it comes as no surprise that many have become fatigued, a circumstance which cybercriminals are quick to leverage. At best, individuals overlook important communication from their banks. At worst, they skim hastily through their inbox and neglect to devote the necessary time and attention to verifying the authenticity of an email or text, thus falling into the hands of a fraudster.
When building synergy between frictionless communication and security, banks are required to first establish consistent and familiar branding. The stronger the brand awareness, the easier it will be for customers to recognise if something is amiss. From there, steps need to be taken to ensure that strong authentication is implemented at appropriate times during the communication cycle. For instance, if a customer looks to update their contact details, change their password or redelegate an authorised user, banks should impose robust methods such as two-factor, biometric, or token authentication, among other alternatives. The escalation of such methods should be fine-tuned according to the significance of each request. This is especially important as enabling a bad actor to access one communication channel could leave other previously uncompromised channels open to further illicit activity.
As part of the authentication process, banks would benefit greatly from limiting the progression of any sensitive actions to trusted endpoints. One way of doing this is through the use of banking applications (apps). Indeed, with the employment of such apps, financial institutions can take advantage of sensor data to substantiate a customer’s claims. For example, if a customer attempts to process a large transaction in the US but appears to be physically located in Europe, the bank can then intensify the authentication process as they see fit. This introduces a more personal and efficient experience to banking security.
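The escalation logic described in the two paragraphs above can be written as a small policy function. This is an added example, not code from the article or from Entersekt; the request names, the amount and distance thresholds, and the three authentication levels are constructed assumptions.

```python
import math
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional, Tuple

class Auth(IntEnum):
    SESSION = 0           # existing logged-in session is enough
    SECOND_FACTOR = 1     # two-factor or token prompt
    BIOMETRIC_IN_APP = 2  # biometric check inside the bank's app

# Constructed policy values (assumptions, not taken from the article).
BASELINE = {
    "view_balance": Auth.SESSION,
    "payment": Auth.SESSION,
    "update_contact_details": Auth.SECOND_FACTOR,
    "change_password": Auth.SECOND_FACTOR,
    "redelegate_authorised_user": Auth.BIOMETRIC_IN_APP,
}
LARGE_AMOUNT = 1000.0    # payments at or above this count as sensitive
MAX_DISTANCE_KM = 500.0  # tolerated gap between claimed and sensed location

@dataclass
class Request:
    action: str
    amount: float = 0.0
    trusted_endpoint: bool = False  # request came from the registered app
    claimed_location: Optional[Tuple[float, float]] = None  # (lat, lon) of transaction
    device_location: Optional[Tuple[float, float]] = None   # (lat, lon) from app sensors

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def required_auth(req: Request) -> Auth:
    # Unknown request types fail closed to the strongest method.
    level = BASELINE.get(req.action, Auth.BIOMETRIC_IN_APP)
    if req.amount >= LARGE_AMOUNT:
        level = max(level, Auth.SECOND_FACTOR)
    # Sensitive actions may only be completed on a trusted endpoint.
    if level > Auth.SESSION and not req.trusted_endpoint:
        level = Auth.BIOMETRIC_IN_APP
    # Escalate one step when sensor data contradicts, or cannot confirm, the claim.
    if req.claimed_location is not None:
        unconfirmed = (req.device_location is None or
                       distance_km(req.claimed_location, req.device_location) > MAX_DISTANCE_KM)
        if unconfirmed:
            level = Auth(min(level + 1, Auth.BIOMETRIC_IN_APP))
    return level
```

A missing device location is treated the same as a mismatch, so switching off location sharing cannot lower the required level.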
In addition to this, an app can facilitate a trusted dialogue between the financial institution and the customer, a fundamental aspect in building trust between the two parties. Through issuing notifications, banks can utilise their apps to send messages that stand out from overloaded inboxes. This can be as simple as offering the option to upgrade a bank account following the identification of a pay raise, or an alert upon detection of suspicious activity. Such notifications can be adjusted depending on the urgency of the situation as well. The user can then easily confirm ‘yes’ or ‘no’ to verify the legitimacy of a claim with one touch. This guarantees the effortless nature of the communication process. The security aspect, on the other hand, is integrated through the app itself, where messages can be secured through end-to-end encryption and digital signatures. As such, even if a customer were to begin a transaction or request elsewhere, such as on an e-commerce site, forwarding them to a secure platform to finalise the request keeps malicious actors at bay.
The same security can be applied to the banking call centre channel as well. In fact, call centres are a notorious target for cybercriminals, particularly as identity checks rely on potentially compromised data sets and AI has enabled the emergence of ‘deep fakes’. This puts both the bank and the customer at risk of being duped by the other. Alternatively, with an app, calls can be conducted from within a safeguarded environment. If a call is not held from within the app but on a landline instead, a message can be sent to the app for authentication purposes.
All in all, by incorporating a secure banking app in communications, financial institutions can offer their customers a fortified means of managing their capital through various convenient channels, all without sacrificing exceptional customer experience.
About the Author
Steve Bledsoe CISSP is head of sales engineering, Entersekt. Entersekt is an innovator of mobile-first fintech solutions. Financial services providers and other enterprises rely on its patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel.
Featured image: ©Pinkeyes