Strengthening mobile payments with continuous authentication

Current authentication solutions essentially force the users to choose between either security or convenience. For millennials who comprise the majority of the mobile banking user base, a frictionless user experience is the key factor in their decision to use a mobile banking application.

A recent survey found that 83% of millennials valued convenience over safety, and 60% valued time more than safety. Millennial users care about speed and a smooth user experience and are far less likely to verify their identity if it means compromising their own time. As a result, currently available strong forms of authentication end up turning away millennial users from mobile banking applications. What is needed is an authentication method that ensures convenience without compromising security.

Continuous authentication fights mobile banking fraud

Mobile banking applications remain vulnerable to attacks such as malware, malicious apps and SIM swapping. Continuous authentication means that even if a device were stolen, a hacker would have to impersonate more than 100 unique characteristics to complete the next action - an impossible task by any measure.

For any financial institutions trying to grow the use of their mobile apps, strengthening security and effectively describing those benefits to their customers is clearly the biggest step they can take. With frequent news about various corporate hacks and data breaches, consumers are beginning to demand a system that protects them with more than just a password.

Attackers can gain access to a user’s account by stealing authentic user credentials, and, with the increase of RATS, account takeovers, and other advanced fraud methods, one-time authentication, two-factor authentication and sometimes even multifactor authentication are no longer enough to effectively protect mobile applications.

To effectively fight mobile banking fraud, it has become crucial to continuously verify that users are who they say they are throughout the length of the session. Previously, users were asked to authenticate themselves at various intervals during the use process. However, introducing extra authentication stages required to complete a transaction has a negative effect on user experience and thus discourages use. Application level security requires the dynamic verification of who is using an app every step of the way while maintaining frictionless experience for the end user.

Behavioral biometrics to the rescue!

Behavioral biometrics learns from more than 100 different personal characteristics for every individual user such as finger pressure and typing speed to verify continuously the identity of the user as they interact with their device.

Banks can decide on the level of authentication required to complete different types of transaction. A higher risk associated with the type of transaction determines the trust score a user’s profile needs to carry out that action. If the user’s trust threshold is too low to complete an action, the bank can be notified.

Behavioral biometrics continuously ensures that only the intended user is using the app. With behavioral biometrics, security is provided behind the scenes, and the user doesn’t have to do anything extra that might hold them back or interrupt what they’re doing.

A better experience for shopping and banking

Presently, mobile devices account for 19% of all US retail ecommerce sales, and this figure is estimated to reach 27% by the end of 2018. Both ecommerce merchants and payment providers absolutely must cater to mobile users.

Statistics show that a bad mobile experience will cause 40% of the users to turn to a competitor, yet an alarmingly high number of users still experience difficulties completing mobile transactions. That presents a great opportunity for companies to capitalize on consumer conversion just by smoothing out the mobile transaction experience for their customers.

Behavioral biometrics can be built directly into any app to immediately improve the security of P2P payments, mobile banking or shopping. New users can start using your app quickly, because behavioral biometrics employs hardware and technology already built into devices.

Behavioral biometrics has been approved by the PSD2 as a valid authentication option. The time is right to create a better user experience for your customers while at the same time provide superior level of security. Under the new rules, merchants can choose whether to build payment options directly into their own apps, making security paramount. Behavioral biometrics ensures that mobile apps remain secure while maintaining fluid user experience.

About Ran Shulkind

Ran co-founded SecuredTouch and is responsible for the product development and management activities. Previously, Ran served in the Israel Defense Force’s top information security unit, where he led the development and deployment of information security products.

Ran holds a B.Sc. in Electrical Engineering, a B.A in Physics, and an MBA from Tel Aviv University.

About SecuredTouch

SecuredTouch is a pioneer in behavioral biometrics for mobile, delivering continuous authentication technologies to strengthen privacy and security and reduce fraud while improving customers digital experience. Application- and device-based solutions are in use at clients around the world, including major financial institutions.