Combat fraud and friction in digital banking with context aware authentication

Transcript 

00:00:00  - Introduction and overview of the session

Paul Provenzano, Vice President of Market Development for ebankIT, opens the session by welcoming the attendees. He introduces the purpose of the webinar, which focuses on combating fraud in the digital banking space. He highlights that the event is hosted in partnership with Entersekt, an authentication platform provider, and emphasizes the global significance of the topic.

Paul then provides a brief overview of the session format, mentioning that it will be conversational, structured as a fireside chat, and lasting for 30 minutes. He notes that the event will be recorded and shared with registered participants, and encourages attendees to submit questions through the chat for a Q&A session at the end. He also mentions that the webinar will explore use cases towards the end of the discussion.

Next, Paul introduces the panelists: Mzukisi Rusi, VP of Product Development at Entersekt, and Pedro Azevedo from ebankIT. Mzukisi introduces himself, explaining that Entersekt is focused on helping financial institutions fight modern and legacy fraud techniques targeting user accounts. With this, Paul sets the stage for the conversation, addressing the rapid evolution of digital banking, the increasing importance of online security, and the challenge of balancing security with a seamless customer experience. He then asks Mzukisi and Pedro to share their perspectives on the evolving threat landscape in digital banking.

00:05:00 - The evolution of fraud in digital banking

Mzukisi Rusi from Entersekt discusses the evolution of fraud in digital banking and how fraudsters continue to innovate. He explains that, historically, authentication was based solely on usernames and passwords, and fraudsters used tactics like phishing, credential stuffing, and social engineering to compromise accounts. In response, the industry introduced one-time passcodes (OTPs), which have remained a common method despite their vulnerabilities, including attacks like SIM swaps and malware.

Mzukisi highlights that Entersekt pioneered out-of-band authentication around 15 years ago, moving away from OTPs to push notifications sent to trusted devices for added context, like confirming if a user is trying to log in or transfer funds. However, fraudsters adapted by tricking users into accepting these push notifications, prompting further innovation. Entersekt developed methods to verify device proximity, such as scanning a QR code, to ensure that the user is physically near the trusted device.

He points out that the current trend involves fraudsters manipulating users directly, such as through phone signals to impersonate a legitimate transaction. Mzukisi emphasizes that Entersekt is constantly innovating to address these challenges and protect users from such tactics.

Pedro Azevedo from ebankIT adds to Mzukisi's points, explaining that, from the perspective of a digital banking platform, these fraud threats significantly impact user trust and engagement. He notes that cyberattacks have doubled since the pandemic, with financial losses from these incidents increasing substantially over the past eight years. Pedro mentions that financial institutions must balance delivering a seamless digital experience while mitigating fraud risks and complying with regulatory requirements. He also references a range of threats, from phishing and malware to account takeovers and payment manipulation.

00:10:00  - Balancing security with user experience

Pedro Azevedo continues the discussion by emphasizing that banks cannot operate in isolation due to the impact of regulations like PSD2, open banking frameworks, and global security mandates. While these regulations are designed to protect customers, they also add complexity to banking operations. 

Pedro highlights that, beyond financial and regulatory risks, banks also face the challenge of protecting their brand image. Trust is a crucial element of the customer-bank relationship, and a single security breach can severely damage a bank's reputation and erode years of customer trust. As a result, banks need to find ways to enhance security while maintaining a frictionless user experience.

Pedro concludes by stressing the importance of balancing security with user experience, suggesting that with the right strategies and technologies, banks can protect their customers while still providing the seamless experience that users expect. Paul Provenzano agrees with Pedro’s point, acknowledging it as a natural segue into the next topic of discussion.

00:15:00  - Demonstration of a secure yet seamless login

The discussion continues with a focus on the balance between security and user experience. Paul Provenzano highlights the issue of increased security measures often leading to higher friction, which can cause customers to find ways around these measures for convenience. He points out that older security methods, like password rotation or security questions, can frustrate users and lead to poor practices, while generic messages tend to be ignored, making them ineffective. 

Pedro Azevedo emphasizes that the key to successful security measures is to integrate security seamlessly into the digital experience, rather than bolting it on as an afterthought. He advocates for embedding security into the user journey in a way that feels natural and intuitive, ensuring that the underlying technical complexity does not negatively impact the user experience. By doing this, banks can protect customers without compromising the seamless experience they expect.

Paul agrees, noting that giving customers some control over their security settings enhances fraud prevention from both the financial institution's and the customer’s standpoint. He then transitions the conversation to a demo of use cases that demonstrate how security can be implemented without adding unnecessary friction. 

José takes over to showcase the demo. He starts with a typical web login where the user inputs their username and password. Instead of logging in immediately, the user receives a notification on their mobile phone asking for approval. After biometric verification, the user can quickly proceed with the login, demonstrating an extra layer of security without adding significant friction. Once logged in, the platform provides a variety of security options, allowing users to manage their settings, including notifications, passwords, and user access, further emphasizing the blend of security and convenience.

00:20:00  - Use case of a secure money transaction

José continues demonstrating how security features can be seamlessly integrated into digital banking without disrupting user experience. He explains that users can manage device access, ensuring that unauthorized devices can be removed easily. He then activates an additional layer of security for financial transactions, showcasing how authentication powered by Entersekt enhances protection.

Jose highlights a unique feature of ebankIT’s platform: switching profiles within the same login session. This allows users to access multiple accounts under different roles—such as personal accounts, small business accounts, or corporate accounts—without logging in separately. He demonstrates how switching profiles changes the banking interface and available functionalities based on the user’s role, providing a personalized experience. This feature can also be used for youth accounts or other specialized access levels.

Next, Jose walks through a secure money transfer process. He selects a payroll account, inputs transaction details, and confirms the transfer. Instead of completing the transaction immediately, he receives a push notification on his mobile device. This notification displays transaction details, allowing him to either accept or reject the transfer. He approves it using biometric authentication, demonstrating how an extra layer of security is applied while maintaining a smooth user experience.

After concluding the demo, Paul thanks Jose and transitions to closing remarks. With only a few minutes left, he asks Pedro and Mzukisi to share their final thoughts. Mzukisi emphasizes that there is no single silver bullet for fraud prevention, and effective security requires a multi-layered approach. He highlights the importance of innovation, partnerships, and understanding financial institutions’ specific needs, demographics, and user preferences when implementing fraud prevention strategies.

00:25:00  - Concluding thoughts

In the final five minutes of the webinar, Mzukisi emphasized the importance of staying ahead of the evolving fraud landscape. He reassured financial institutions that through continuous monitoring and proactive security measures, they can remain protected without having to constantly worry about new threats. The goal, he explained, is to offer peace of mind by ensuring that security is seamlessly integrated into the banking experience.  

Pedro from ebankIT followed up by reinforcing the company's mission to provide a best-in-class digital banking experience that meets the needs of all customer segments, from consumers to small businesses and commercial clients. He stressed that every customer should have a consistent and frictionless experience within the same banking platform, without needing to manage multiple apps or credentials. Security, he noted, should be embedded from day one, rather than being an afterthought, allowing banks to remain compliant while still delivering an excellent user experience. He highlighted the importance of strategic partnerships, such as the collaboration between ebankIT and Entersekt, which enables financial institutions to tackle growing fraud risks while continuing to innovate.  

The discussion then moved to a question from the audience regarding how configurable the ebankIT platform is for different payment methods and how Entersekt integrates into it. Pedro explained that ebankIT supports a wide range of money movement options, including intra-bank and interbank transfers, bill payments, and peer-to-peer transactions through services like Zelle and Interac. The platform is designed to be flexible and can be tailored to meet the specific needs of different financial institutions. He emphasized that integrations like the one with Entersekt help elevate the overall security framework, ensuring that fraud prevention measures do not interfere with the user experience.  

Mzukisi added that fraudsters often rely on users simply approving login attempts, which is why security should not be limited to the authentication stage. Instead, platforms need to monitor high-risk interactions, such as external transfers and ACH payments, and apply appropriate security measures when necessary. Entersekt’s technology enables financial institutions to assess the level of risk associated with each transaction and determine whether frictionless approval is possible or if additional verification steps are needed. This flexible, rule-based approach ensures that security is both effective and seamless for users.  

As the webinar came to a close, Paul thanked all participants for taking the time to join the discussion. He reiterated the importance of balancing fraud prevention with a smooth and elegant user experience to build trust between financial institutions and their customers.