South African financial institutions are under severe pressure to better secure their mobile services. Fraud and increasingly sophisticated phishing attacks are massive challenges for organisations providing financial services via mobile devices, even as consumer demand for those services booms. One of the delicate balancing acts that these institutions have to maintain is making mobile transactions secure without erroneously declining legitimate transactions.
“Recent research by Javelin shows around 30 percent of all mobile sales are rejected because of suspected fraud when they are actually valid. These ‘false declines’ are a source of huge frustration for consumers, merchants and financial services companies. They indicate that a significant rethinking is needed around mobile security and authentication systems,” says Schalk Nolte, CEO of Entersekt.
“Regulators across the globe are calling for greater protection for consumers who transact digitally. In the past few years, authentication has been a key regulatory focus, and one of the ongoing debates is over the relative benefits of multi-factor authentication (MFA) versus risk-based authentication (RBA).”
Often viewed as a more user-friendly alternative to MFA, RBA is a non-static authentication system that takes into account the profile of the user who is requesting access to the system (their location, historical transacting habits, and so forth) to determine the risk associated with a particular transaction.
“Advances in machine learning are making this approach highly appealing, as is the low input that RBA requires from the end user – but it is not foolproof,” adds Nolte.
Given the disadvantages of RBA, push authentication is emerging as a more secure and user-friendly approach. Not only does this method protect users against fraud; it also creates a trusted channel through which financial service providers can develop their user experience and deploy new services in future. This is a significant win in a consumer environment characterised by rapid change.
“Given the furious pace of innovation that is now shaping the mobile sphere, financial service providers have to ensure that they are well positioned to keep up,” Nolte advises.
The best way to achieve this is to invest in a scalable mobile security architecture, created for your institution by a proven industry leader. Establishing a secure channel between your users’ mobile devices and your on-premises servers will ensure that users can do anything you dream up for them to do, without the risk of fraud. The right security vendor will lay the groundwork for a future-proof, secure and mobile-first service offering.