Walking the Fine Line between Seamless and Unsafe Banking

George Lee, Vice President, Asia Pacific & Japan, RSA

George Lee, Vice President, Asia Pacific & Japan, RSA

Asia Pacific (APAC) is the world’s most populous continent, and it is also home to the largest percentage of unbanked population, according to the World Bank’s Global Findex report. This is going to change. The emergence of a large digital population in the region is driving demand for new ways of banking—notably, mobile banking.

Singapore is at the heart of it. Already known as the financial hub of Southeast Asia, mobile banking has overtaken branch banking by popularity, with a 15% jump from July 2017 to July 2018. The unparalleled convenience and immediacy of mobile banking provide financial technology (Fintech) companies with the ideal platform to deliver new services and grow their business.

Seizing this opportunity to build the nation’s Fintech capabilities, the Singapore government has been pushing out new Fintech initiatives such as opening its real-time and round-the-clock payment system (better known as FAST) to broaden access to various payment players.

It is only a matter of time before Singapore clinches the title of APAC’s Fintech hub.

Innovation moving too fast too furious

But with every opportunity comes risk. While the Singapore government is encouraging Financial Services institutions (FSIs) to deliver new ways of banking, this inevitably captures the attention of threat actors. The proliferation of smart devices also means a rise in access points—be it Wi-Fi, RFID, and NFC—that are vulnerable to threat actors. To make matters worse, some of these devices have historically been shipped with outdated software.

At the same time, regulations and governance are not moving rapidly enough to stay ahead of evolving end-user needs. The fast-moving technology landscape dictates that success is synonymous to agility and leanness. Likewise, the ability to adapt quickly to changing consumer demands determines the winner—that is why the traditional FSI industry struggles to retain customers who turn to other more agile providers, like Fintech startups, that can offer an alternative type of services at a higher level of convenience.

Despite the business landscape’s need for speed, regulations naturally often take years to shape and require significant resources to implement.

FSIs, in over eagerness to capitalize on the Fintech boom, tend to risk sidestepping when it comes to compliance. This often results in a higher chance of being attacked.

Embrace digital opportunities, manage risks

It is unsurprising FSIs have rigorous protocols and processes in place to reduce fraud as they handle some of the most sensitive information. Yet, customers today are used to getting what they want, wherever they are, and whenever they want.

The question now lies in balancing security, digital risk, and convenience. Delivering frictionless customer experience across new and emerging digital channels, like mobile banking, while ensuring the maximum level of security is key for FSIs to sustain their competitive edge. How does an ideal authentication and fraud detection strategy look like?

Stopping fraud, not customers

As the array of digital banking channels grows, there is an increasing need for FSIs to implement authentication processes that ensure transactions are legitimate— yet at the same time, reducing the tedious additional authentication hoops. Customers today want access and availability with zero friction.

Risk-based authentication assesses fraud risk based on contextual information such as device identification, IP address, user behavior, and fraud intelligence on a massive scale and across all customer engagement channels. What it does is to leverage multiple machine learning models that enable new fraud patterns to be learned quickly. The result – minimized false positives and a more seamless end-user experience.

Secure omni-channel architecture

Digital banking also sees online and mobile banking, chat support, and third-party services running independently from one another. Such environments may translate to inefficient operations as potential fraud is buried in a myriad of disparate systems, leading to a less secure and disparate banking ecosystem.

With an omni-channel architecture, all channels—from offline to online—can share knowledge and awareness of customers’ interaction. This leads to streamlined operations, and greater visibility and awareness for security teams, allowing for more secure banking and better user experience. More importantly, it creates an environment conducive for FSIs to leverage advanced technologies such as deep entity profiling to further improve fraud detection.

Keeping pace with transaction growth

It is inevitable that the volume of digital transactions will spike with the meteoric take-up of digital banking. However, this makes fraud analysts’ job to review potential fraud cases extremely challenging. Automating the fraud review process to prioritize case alerts based on risk and business impact—business-driven security—will help direct cases that pose the most risk to the limited resources FSIs have at hand.

Machine learning can also play its hand here. Implementing automated case handling will further enhance the accuracy of fraud detection without even engaging analysts, in turn freeing up time for analysts to focus on more critical tasks—this two-pronged approach will ultimately cut fraud losses.

Fintech is well on its way to growing its presence across APAC.

Digitization is set to connect and democratize the region’s unbanked population—and this is where a great opportunity lies for FSIs. For them to capture the growth opportunities this presents, FSIs must learn to balance a seamless banking experience and a secure one. This will ultimately build trust—trust is, after all, the real currency in the FSI sector—that ensures happier customers in years to come.