Biometric Multi-Factor Authentication for Mobile Banking/Money Apps – Why is it Important?    

Performing payments, money transfers, and other financial transactions have become more convenient through mobile devices from both banking providers and other fin-tech companies.

With this increased use of digital banking, mobile money apps, and money transfer services, the Fin-Tech sector is seeing a rapid growth in ever-more sophisticated attempts at account takeovers and identity thefts.

To protect their customers and their platforms from these fraudulent, banks and other fin-tech providers need to improve their identity verification procedures to ensure that the person seeking access to their services is the legitimate identity owner.

The PCI Security Council mandates the use of multi-factor authentication for all mobile payment devices, with the incorporation of at least two of the following factors: something you have, something you know, something you are (biometrics). The Federal Financial Institutions Examination Council recommends multi-factor authentication for digital banking. Identity biometrics is often regarded as an ideal authentication factor because of its ability to provide a higher level of certainty and clear audit trails of the user. 

Fraud Cases Continue to Threaten the Financial Sector

Using ever-sophisticated techniques, criminals are discovering more ways to steal identity data for use in the creation of synthetic identities to open new accounts and to hijack accounts of legitimate customers.

In their 2020 Identity Fraud Report, Javelin Strategy & Research reported that fraud losses in the financial sector increased by 15% in 2019, amounting to $16.9 billion, with consumers shouldering over $3.5 billion in personal out-of-pocket costs of that fraud

The Federal Bureau of Investigation (FBI) noted a 50% increase in mobile banking activities since the start of 2020. With closed banking branches and social distance mandates, Americans have become more willing to use mobile banking as an alternative to physically visiting branch locations. This surge in online banking and mobile app utility provides the opportunity for a new wave of data breach and fraud.

Even with the COVID-19 pandemic, criminals are relentless. Cyberattacks targeting the financial sector increased by 238% at the beginning of the pandemic when quarantine measures were first imposed.

Conventional authentication procedures like SMS codes, one-time passwords, phone number checks and mobile-device authentication are insufficient to meet today’s sophisticated criminals and provide poor audit trails of the true identity of the person who performed the authentication.

A combination of authentication factors provides multiple security layers for validation processes, especially when using biometric solutions. With the use of a selfie coupled with active liveness detection at the time of authentication, banks can verify their customers’ true identity before authorizing transactions.

Financial Transactions Performed through Non-Bank Fin-Tech Solutions Entail Security Risks

Identity compromise attacks also target other means of non-bank solutions including money transfer, cryptocurrency, and investment apps. With the ongoing pandemic, more consumers are relying on these mobile solutions as a convenient means to carry out financial activities. Almost 60% of Americans are using apps like Zelle and Venmo for peer-to-peer (P2P) payments.

However, money transfers done outside of banks are not guaranteed or secured by the provider, and customers may not be compensated for stolen funds. Most bank accounts are insured by the Federal Deposit Insurance Corporation (FDIC), and as of 2020, up to $250,000 worth of deposit insurance is provided per customer for FDIC-insured firms.

Identity verification processes need to be implemented to validate the authenticity of a person who is trying to gain access to non-banking fin-tech services. Asking customers to blink and smile, among other gestures, are some of the liveness detection features done in biometric multi-factor authentication to prevent criminals from faking their victims’ identities.

Mobile Device Biometrics Do Not Guarantee an Identity or Provide an Audit Trail

Mobile phone manufacturers have integrated the use of fingerprint and facial recognition into their newer devices as an added security feature. It uses built-in fingerprint-sensor and facial recognition technology to confirm consent from the device owner before proceeding with digital activities, including banking and other money-related endeavors.

However, this security feature has some limitations. Currently there is no identity verification performed on the device owner when enrolling their fingerprint or face. This feature also cannot provide an audit trail for transactions. Audit trails are records of operations that can be traced to their sources.

With numerous digital banking activities occurring, especially as most people are still in quarantine, audit trails are essential for determining the validity of purchases and money transfers.

Banks need identity biometric multi-factor authentication solutions that provide audit trails for due diligence with regulation compliance.

Conclusion

Mobile banking and P2P transfer activities were already on the rise with changing industry trends. However, the COVID-19 pandemic has caused a sudden surge in more digital traffic in the fin-tech sector, which has increased opportunities for exploitation and identity fraud.

authID‘s Verified Consumer^TM solutions provides secure remote identity verification and biometric multi-factor authentication complete with a biometric audit trail of identity and consent to specific transactions to help financial firms eliminate identity fraud and provide secure services and seamless user identity authentication experiences to customers.

Schedule a Demo with authID

authID.ai is a provider of an identity authentication platform that delivers a suite of secure, biometric identity solutions, available to any vertical, anywhere. With authID‘s solutions, banks can implement identity verification and unphishable multi-factor authentication and conduct audit trails with mobile transactions for convenient and secure banking. Contact authID today at +1 516 274 8700 or visit our website at authid.ai to schedule a demo.