My first experiences with New York City came when I studied abroad in upstate NY. Occasionally, when the weather wasn’t good enough for mountain climbing or snowboarding and we had saved up enough money for a fun weekend, we would head down to the big city. As many other college students have experienced staying in the city often meant staying in filthy hotel rooms with sub-prime health ratings. Now, more than a decade has passed since “those college days” I spent in a hotel room that looked like something out of the movie Se7en and New York still manages to bedazzle me.
This spring I had the opportunity to spend the last quarter in the city as part of the FinTech Innovation Lab. I was here with my company BehavioSec, to launch our concept of continuous authentication for banks and payments. Since BehavioSec is headquartered in Sweden and with our great successes on the European market an accelerator in New York was a great fit for us to increase our fast-growing expansion into the Americas. Whilst I like being on the west coast it’s much easier to manage a global operation with “only” the six-hour difference it is between Stockholm and New York compared with the nine hours to San Francisco. Another sweet bonus is how physically close all the financial giants are in New York, lower Manhattan really must be the place in the world with the most banking execs per square kilometer in the world.
The New York Times just published an article about the accelerator outlaying what this years program was all about. In short, it was an excellent opportunity to meet with the big financial institutions whilst getting great support from the Innovation Lab. Getting provided with a stacked calendar of meetings with high potential is certainly a joyful experience, and much like my previous experience with the FinTech Innovation Labs London-based accelerator. In addition, the sheer amount of excellent events the FinTech Labs provided us with sparked a chain reaction of great meetings with top-level executives, some of them almost impossible to get access to without the program. We are now enjoying more pilots than we can almost handle, which can directly be linked back to the connections we made at countless high profile meeting, pitches and cocktail mingles.
Continuous authentication in the Americas
It’s kind of a paradox that Europe, traditionally focused on security, has been quicker to adapt continuous authentication solutions than the traditionally UX-focused Americas. From a practical stand point it makes sense, where many European banks still demanded (and in many cases still demands) user intrusive multi-factor tokens for seemingly low risk transaction like checking a statement. American banks often even allows you to store your password in the browser, something I’d never be allowed to do with my Swedish banks.
With the UX-revolution, often powered by user-friendly FinTech startups, it suddenly became important to quickly remove intrusive barriers without lowering the financial institutions security. The bi-product of this move in the market has led to an alarming increase in manual review cases, overwhelming both fraud and security departments at major banks. The increased rate of mobility of customers and employees lead to a high rate of false positives, with legacy fraud detection systems often built to flag anything out of the ordinary as suspicious, such as a laptop in a new location or signing in from a new device, members of security or customer-facing teams needed to sort through a high volume of activity, only some of which will turn out to be fraudulent (for more info on how it can be done, check out my previous article on machine learning in security automation).
“The devil is in the details”, you have to truly understand the market and the problem you are trying to solve. In the Americas, where user experience always been the main focus, my typical European pitch of “we allow you to improve both user experience and security” is instead changed to “lower fraud and manual review without harming the user experience”. This was reinforced during the FinTech Innovation Labs where, after doing my standard pitch and showing the banking-token I no longer need, a well-known banking executive told me to lose the token from my pitch “leave that in Europe, nobody here cares about tokens”. As frank as that was, it’s an important reminder of the difference of view point Europeans and Americans have when it comes to adaptive security solutions.
Regardless of where you come from, continuous authentication limits the need for manual fraud review and saves us all from intrusive security hurdles and phone check-ins from our banks the moment we cross a border. Increasing the positive interactions that customers have with their banks.