Fraud is a serious problem, costing businesses an average of 5% of their annual revenue, and it’s no surprise that online activity is impacted the most. In our 2021 Faces of Fraud report, we found that financial institutions identified account takeover (45%), phishing (42%) and business email compromise (36%) as the top three most concerning fraud schemes.
Organizations know they must embrace anti-fraud controls in customer-facing solutions to mitigate these risks, but they are hesitant to frustrate their customers. The reality is that simple password-based log-ins aren’t good enough, but as organizations increasingly adopt multi-factor authentication, they worry about negatively impacting the user experience. After all, the customer is king. In fact, our Faces of Fraud study found that more than twice the number of institutions rated customer experience as their organization’s top priority versus fraud prevention.
Consider the following example. A user accesses their online bank account using a login and password. It’s an insecure scenario, but it’s extremely convenient for the user. Then the user’s bank adopts multi-factor authentication. The user goes to the same portal and enters their login and password, but has new hoops to jump through, like entering a one-time password sent by SMS or email. This is more secure, but impacts the user experience, especially if that user must meet the same requirements each time they log in. It’s easy to see how this would frustrate the customer.
Traditional controls can't keep up with today's accelerated volume of attacks, and organizations must take an aggressive stance to combat them. Fortunately, there’s a better way.
Behavioral Biometrics Assessment
Risk-based authentication that uses behavioral biometrics can gather intelligence from each user interaction to learn and identify “normal” behavior and flag abnormal behavior. When a user interacts with a login screen, the system captures keyboard and mouse interactions and uses machine learning to understand the user’s normal patterns—like how quickly they type, where they typically pause between keystrokes, if they copy and paste, etc.
After several logins, the system builds a model that can be used to assess new logins and compare current user behavior to their typical behavior. If the behavior is the same, the system can validate the login without further interaction. But, if an anomaly is detected, it can prompt a step-up authentication, like requiring the user to provide a one-time code received via text message.
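A minimal sketch of the enroll-then-compare flow described above, added here as an illustration and not Appgate's implementation. It substitutes per-feature z-scores for the machine-learning model; the feature names, sample logins, and thresholds are constructed assumptions.

```python
from statistics import mean, stdev

# Hypothetical features captured at the login form (names are assumptions).
FEATURES = ("dwell_ms", "flight_ms", "total_s")

# Constructed enrollment history for one user: six earlier logins.
ENROLLED = [
    {"dwell_ms": 95, "flight_ms": 140, "total_s": 4.1, "pasted": 0},
    {"dwell_ms": 102, "flight_ms": 150, "total_s": 4.4, "pasted": 0},
    {"dwell_ms": 98, "flight_ms": 135, "total_s": 3.9, "pasted": 0},
    {"dwell_ms": 105, "flight_ms": 145, "total_s": 4.3, "pasted": 0},
    {"dwell_ms": 100, "flight_ms": 155, "total_s": 4.2, "pasted": 0},
    {"dwell_ms": 97, "flight_ms": 142, "total_s": 4.0, "pasted": 0},
]

def build_profile(logins, min_logins=5):
    """Learn mean/std per feature; return None until enough logins exist."""
    if len(logins) < min_logins:
        return None  # cold start: no baseline to compare against yet
    profile = {}
    for f in FEATURES:
        vals = [entry[f] for entry in logins]
        # Floor the std so a perfectly constant feature cannot divide by zero.
        profile[f] = (mean(vals), max(stdev(vals), 1e-6))
    profile["paste_rate"] = mean(entry["pasted"] for entry in logins)
    return profile

def risk_score(profile, login):
    """Mean absolute z-score, plus a penalty when pasting is out of character."""
    z = [abs(login[f] - profile[f][0]) / profile[f][1] for f in FEATURES]
    score = sum(z) / len(z)
    if login["pasted"] and profile["paste_rate"] < 0.1:
        score += 2.0
    return score

def decide(profile, login, threshold=3.0):
    """Return 'allow' for typical behavior, 'step_up' for anomaly or no baseline."""
    if profile is None:
        return "step_up"
    return "allow" if risk_score(profile, login) < threshold else "step_up"

if __name__ == "__main__":
    p = build_profile(ENROLLED)
    usual = {"dwell_ms": 101, "flight_ms": 148, "total_s": 4.2, "pasted": 0}
    odd = {"dwell_ms": 60, "flight_ms": 40, "total_s": 0.8, "pasted": 1}
    print(decide(p, usual), decide(p, odd))
```

A user with too little login history has no baseline, so this sketch falls back to step-up authentication rather than silently allowing the session.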
This approach enables organizations to identify fraudulent activity with a high level of accuracy, while also giving more confidence in genuine sessions. This reduces the need for more intrusive forms of authentication that could spur unnecessary friction in the customer experience.
Appgate just announced a new behavioral biometric service that:
- Enables organizations to qualify the risk of any given login in real time, according to how it fits with normal user behavior, and use automated responses to protect users and data
- Provides a seamless user experience by making the service invisible to the end user, delivering robust protection without interfering with or slowing down online interactions
- Is API compatible and affordable, allowing organizations to implement and customize behavioral biometrics to meet their specific needs
- Delivers detailed reporting metrics on potentially compromised users and risk scores associated with login sessions, enabling organizations to respond quickly
With fraud on the rise, organizations with a high volume of online user interactions must step up their game with more stringent anti-fraud controls. But that doesn’t mean they need to sacrifice customer experience. With behavioral biometrics, organizations can bolster their security with dynamic protection while also minimizing user friction.