Learn More »

Verifying Digital Identities Beyond One-Time Passwords and Device ID

  • Case Study
  • Share

OVERVIEW

A large multinational bank was evaluating new ways to further their digital first ambition and improve their overall customer satisfaction, and they began looking at frictionless security solutions to improve their banking platform. Their digital clients were under constant attacks by banking trojans and fraudsters using social engineering techniques to bypass the existing device- and token-based security. This highlighted the urgent need to verify online sessions by identifying the actual customers rather than their devices.

In evaluating fraud detection solutions, they selected BehavioSec for its enterprise grade capabilities to be deployed on-premise, integrate with existing legacy risk management systems, and unique ability to ensure that online transactions originate from the correct person every time.

Industry

  • Financial Services
  • Online Banking

 

Environment

Gartner Peer Insights logo
Verifying Digital Identities Beyond One-Time Passwords and Device ID QR code

Full-service bank supporting over 5 million digital identities and billions of annual transactions.

Problem

  • Device-based security proved useless against new types of fraud attacks.
  • Physical- and mobile-tokens adversely impacted customer satisfaction.
  • Fraud losses were growing as fraudsters increasingly targeted vulnerable customers through social engineering.

Solution

  • Tying online sessions to the actual customers using behavioral biometrics cut successful attacks by 79%
  • BehavioSec’s PSD2 compliant and frictionless solution drastically cut the need for token-based step ups
  • BehavioSec’s solution proved highly effective at detecting advanced attacks, like Phishing, SMishing, ID Theft and banking malware, cutting fraud losses by 99%, or $1.8m annually.

THE CHALLENGE – BEFORE BEHAVIOSEC

Digital fraud attempts were on the rise by banking trojans, sophisticated social engineering, and credential stuffing attacks by criminal networks obtaining breached login credentials. Legacy authentication and anti-fraud risk engine tools didn’t provide enough visibility to detect fraud when it came from the legitimate customers’ devices and proved unsuccessful at reducing the new fast-growing threat vectors.

The bank tried other solutions, such as requiring two-factor authentication and token step ups from customers in order to verify their digital identity, but these methods were having an adverse impact on customer satisfaction as it introduced further friction to the digital experience and added increased maintenance and customer support costs.

Additional tools for verifying digital identities were needed and an array of vendors delivering Behavioral Biometrics and other technologies were evaluated.

 

THE SOLUTION – AFTER BEHAVIOSEC

Preventable Fraud Losses with BehavioSec (Total)

BehavioSec’s Behavioral Biometrics solution was selected to aid real-time detection of fraudulent activity. The software-only solution outperformed all vendors in the market in authentication accuracy, feature capabilities, and ease-of-integration, as it contains the enterprise grade features required to integrate into the bank’s existing fraud response workflows.

The solution improved overall authentication accuracy and aided the bank’s adoption of the Payment Service Directive 2 (PSD2), including compliance with its Strong Customer Authentication (SCA) requirement.

The solution was able to easily exceed both mobile and web channels scaling requirements to accurately support the bank’s billions of digital interactions. By layering BehavioSec with existing infrastructure, the bank was able to detect and stop almost all of the bank’s potential fraud loss events.

 

SUMMARY

“Moving into the spacey area of biometrics, the most important qualities – besides a well-functioning product – is the willingness to interact, options to tweak and develop on an ongoing basis, and a solid foundation in proving proper operation. With this choice, we feel well positioned for our future security development.”
— Chief Security Architect

BehavioSec’s solution has been deployed at the bank for over half a decade and has become an integral part of its authentication and
anti-fraud tech stack, supporting their digital first banking at scale, and drastically reducing both account takeovers and banking malware attacks.

The additional telemetry harnessed in web and mobile applications and the shift from device-based to behavioral-based identity has proven to be a highly effective way of achieving PSD2’s SCA without adverse effects on the digital experience.

Fraud attacks and losses have been drastically reduced through the adoption of behavioral biometrics and the resulting cost savings alone continue to easily justify partnering with BehavioSec.