Ken Jochims Jul 27, 2020 10 min read

Create a secure yet frictionless online banking experience

Verifying that a user is who they claim to be while online is the fundamental basis of cybersecurity. We’re all used to being authenticated at some point in our online journeys, whether it’s through a password login or an OTP sent to our phones when we’re attempting to make a transaction.

Why the need for continuous authentication?

The more authentication checks there are during an online session, the more secure customers and the bank are against fraud attacks.

This is why Strong Customer Authentication (SCA) is required under EU financial regulation PSD2, where users must present at least two separate authentication factors.

These factors must come from at least two of the following categories: something the user is (inherence), something they have (possession), and something they know (knowledge).

However, it also follows that the more checks you require users to go through, the more frustrated and dissatisfied they will become at the process, and the more likely they are even to give up altogether. 


McKinsey reported that during the global pandemic, more than one in five banking customers in Spain and Britain tried online banking for the first time. It’s the same story for retail bank customers around the world.

Given the competition between the many players in this market, and a post-pandemic landscape that is seeing a huge shift towards online banking and contactless payments, banks cannot afford to lose out by offering a poor online customer experience.

 

Current ID checks not stringent enough

Multifactor authentication (MFA) and other friction-inducing traditional authentication methods may no longer be rigorous enough to comprehensively protect users from fraud attacks or deliver competitive user experiences.

Methods of authenticating users, such as the traditional password login, are fast going out of date. 


This is for two reasons:

what-is-continuous-authentication-01


What is continuous authentication?

Continuous authentication is the process of analyzing users’ behavioral biometrics: the way a user moves the mouse, the speed and rhythm with which they type, and the angle at which they usually hold their phone. From thousands of parameters surrounding their online interactions and behaviors, a unique profile, which Revelock calls a BionicID, can be created for every single user, so you can really get to know your user.

This means that an anti-fraud solution founded in behavioral biometrics can compare a user’s behavior against their entire online history to ensure they are who they claim to be.

This analysis can produce a risk score in real-time relating to the level of threat to the user or their account’s security.

Comparing a user’s behavior against their own profile, rather than against clusters of ‘good’ or ‘bad’ users or behaviors, can deliver an extremely accurate profile of each user and avoid generating false positives or negatives.

The important idea is that authentication occurs continuously and silently throughout a user’s entire online banking session, from login to logout, meaning they are protected from all kinds of threats, including RAT and Account Takeover attacks attempting to gain access to their account. 

 


A frictionless user experience

The biggest advantage of continuous authentication for banks is the frictionless user experience it facilitates. The technology delivers passive protection, working behind the scenes to analyze the user’s biometric behavior throughout their entire online session.

There is no active requirement for users to input any information except their login details. 

Plus, one of the two factors of authentication required under PSD2 and SCA – in behavioral biometrics’ case, the factor of inherence – is carried out invisibly to the user, meaning the user experience is actually tangibly improved by the introduction of continuous authentication.


Risk analysis of any interaction is evaluated in real-time, allowing action to be taken even before an account is compromised.



If threat levels exceed predefined levels, security can be stepped up to ensure the user is who they say they are, or their session can be terminated. If all threat indicators look good, the user is transparently and silently allowed to go about their business.
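The decision flow described above, as an added example that is not Revelock's code: each sample in a session is compared against that user's own baseline, the deviation becomes a risk score, and predefined thresholds select allow, step-up, or terminate. The feature names, sample values, scoring formula and thresholds are all assumptions made for illustration.

```python
from statistics import mean, stdev

# Constructed history of one user's past sessions (feature names are assumed).
HISTORY = [
    {"key_interval_ms": 180, "mouse_speed_px_s": 400, "tilt_deg": 30},
    {"key_interval_ms": 190, "mouse_speed_px_s": 420, "tilt_deg": 32},
    {"key_interval_ms": 185, "mouse_speed_px_s": 410, "tilt_deg": 31},
    {"key_interval_ms": 175, "mouse_speed_px_s": 390, "tilt_deg": 29},
    {"key_interval_ms": 195, "mouse_speed_px_s": 430, "tilt_deg": 33},
]
# Constructed session: the owner at login, a different operator afterwards.
SESSION = [
    {"key_interval_ms": 188, "mouse_speed_px_s": 405, "tilt_deg": 31.5},
    {"key_interval_ms": 205, "mouse_speed_px_s": 450, "tilt_deg": 35},
    {"key_interval_ms": 260, "mouse_speed_px_s": 120, "tilt_deg": 0},
    {"key_interval_ms": 186, "mouse_speed_px_s": 410, "tilt_deg": 31},
]
Z_CAP = 6.0          # assumed: deviations beyond 6 sigma add no extra risk
STEP_UP_AT = 0.35    # assumed policy thresholds on the 0..1 risk score
TERMINATE_AT = 0.70

def build_profile(history):
    """Per-feature (mean, stdev) computed from this user's own sessions."""
    cols = {n: [s[n] for s in history] for n in history[0]}
    return {n: (mean(v), max(stdev(v), 1e-6)) for n, v in cols.items()}

def risk_score(profile, sample):
    """Mean capped z-score scaled to 0..1; a missing feature fails closed."""
    zs = [min(abs(sample[n] - mu) / sd, Z_CAP) if n in sample else Z_CAP
          for n, (mu, sd) in profile.items()]
    return mean(zs) / Z_CAP

def decide(score):
    if score >= TERMINATE_AT:
        return "terminate"
    return "step_up" if score >= STEP_UP_AT else "allow"

def monitor(profile, samples):
    """Re-score every sample in the session; stop at the first termination."""
    decisions = []
    for sample in samples:
        decisions.append(decide(risk_score(profile, sample)))
        if decisions[-1] == "terminate":
            break
    return decisions

if __name__ == "__main__":
    print(monitor(build_profile(HISTORY), SESSION))
```

The login-time sample passes, yet the session is still cut off once the behavior stops matching the account owner's baseline, which a one-time check at login would not catch.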

 


Continuous authentication: dynamic fraud prevention that leaves the user uninterrupted

Continuous behavioral biometric-based authentication facilitates banks’ compliance with financial regulations and is extremely effective in protecting against bad actors, thanks to deep learning technology that keeps a running analysis of every user interaction and becomes more accurate with each one.

With passwords potentially on the way out, the quest for the most frictionless user experience continually underway, and SCA verification requirements imposed by PSD2, it’s safe to say the ability to verify users’ identity silently in the background while they’re online is already of paramount importance.


Ken Jochims

Ken has over 25 years of enterprise software product marketing experience delivering fraud prevention, customer support, identity and access management and IT infrastructure solutions to financial institutions and Fortune 1000 companies. Prior to Arxan Technology, Ken worked for Neustar, ThreatMetrix, Guardian Analytics, Genesys, CA Technologies, NeXT Computer and Apple. Ken received a BS in Engineering Technology from California State University, Long Beach, and outside of work Ken can be found hiking, mountain biking and working on cars.