As mobility has become embedded in the world’s cultures, issuers are feeling the heat to create their own mobile apps, but in an era of non-top data breaches and increasing identity theft, security fears abound.
Due to the way that mobile apps are currently configured, they store many and varied credit card details – hence the concerns about security. Behavioral analysis is the key to allaying these concerns.
These valid concerns include loss of privacy, loss of security around financial transactions, data loss and the perception of insecurity. Legitimate applications passing user data to other applications or third parties in an unauthorized manner is gaining more attention in the public arena – as it should. In addition, a possible drawback to the mobile wallet and secure element solution is that a single pin unlocks all of the accounts stored in the wallet, resulting in much greater exposure.
If banks and other financial institutions can create mobile wallets that offer money-saving incentives and ease security fears, this will promote greater acceptance of the technology in regions where it has not yet become the norm.
There’s a lot riding on the security of a financial institution’s mobile wallet, including
its bottom line, brand reputation and customer. They need to really trust the user behind the device by verifying the user based on behavior.
Deploying advanced user behavioral analytics will allow the organization to detect genuine good users more accurately and improve the customer experience. Tracking behavioral patterns lets you learn who the real user is behind the wallet, from the kind of device they use to even detecting behavioral anomalies over time. When it comes to fraud attempts, banks can leverage that same information to quickly spot bad actors attempting to cycle stolen card details.
Organizations offering mobile payments can no longer assume that the person using the system is the legitimate account owner. This is why behavioral analytics is so important. This method of fraud detection focuses on observed characteristics of who the user is, not just who they tell you they are. It continuously profiles users and accounts through their entire lifecycle across multiple channels, including: desktop and mobile Web and native apps.
Continuously profiling users’ behavior empowers two key capabilities. First, it enables risk managers to detect and respond to risk sooner, reducing the chance of financial loss. Second, when the user does reach a transaction point, fraud managers have full context of all their previous actions and behavior to make a better decision on the transaction.
These user behaviors and other observable characteristics are gathered by non-PII networks, which analyze billions of transactions to create a store of anonymous identities that are categorized as good users and riskier users. These identities remain completely anonymous and adhere to stringent privacy laws. With this collection of identities, a bank is provided an early warning system that is able to alert them when a user is behaving “badly” approaches, even if it is the first time the user is approaching one of their sites.
By using these profiles as a baseline for good or risky behavior, banks can answer important questions:
Is this “user” creating a fraudulent mobile wallet with stolen account information?
When the user logged in previously, how did he or she behave? Are they behaving the same now? In other words, is this the real user accessing this account?
Is the user inputting data in a manner similar to how they’ve interacted on the same mobile device before, or is it completely different?
Is the user’s behavior being repeated? This is a key question. If the behavior is the same every time a user visits, perhaps we can say this is a good user. But if it’s the same behavior that 1,000 users are all repeating, it could indicate that this behavior is part of a crime ring that is creating bogus accounts with stolen credit card data. This could be a distributed, low velocity attack – the kind of attack that exposes you to massive amounts of loss.
Being able to answer these and other behavior-related questions constitutes the best chance of beating fraud.
A PayPal survey reveals the lightning pace of mobile payments adoption around the world. In the U.S.,
Having more accurate detection at the point of sale or at the login would protect consumers, merchants and banks from fraud. This cannot happen by putting all your security eggs in one basket, as it were, by relying on a single layer of defense at a single point in the transaction process. Behavioral analytics offers a wealth of insight gleaned by billions of transactions that banks need in order to detect and prevent today’s mobile wallet fraudsters. This level of detailed information will put not only banks but also consumers at ease as well.
Ryan Wilk is director of customer success at NuData Security.
