Financial Services providers are dealing with the changing face of customer interactions. At many institutions, mobile logins have surpassed online logins, and consumers are voicing their demand for more mobile services. The FFIEC has even called for financial institutions to create a focused security strategy for mobile financial services.
This shift towards mobile puts extreme pressure on those in the financial services industry to raise the bar on security while balancing consumer convenience and experience. However, we know that many financial service mobile apps have security vulnerabilities. Businesses may be at risk of losing customers to other providers that can offer a more secure experience.
InAuth provides a unique and permanent device ID for mobile apps and a similarly strong ID for browser, allowing you to identify devices with confidence. Once a user is tied to an InAuth device ID, you’re able to better recognize and trust returning devices, allowing more customers to transact faster and with greater ease. Authenticating your customers can be done within a few steps, providing a better user experience.
New Account Opening, Payments, and Account Takeover fraud are expected to rise as the world becomes more digitalized. Card-Not-Present fraud is set to rise to $7.2B by 2020. To combat these attacks, InAuth performs mobile device integrity screening, such as malware/crimeware detection, advanced root and jailbreak detection, and application validation, as well as collects thousands of device attributes to uncover risk factors like location inconsistencies, anomalies, velocity attempts, etc.
ACCOUNT OPENING & ONLINE / MOBILE BANKING / P2P ENROLLMENT
Online application fraud has increased dramatically since EMV rollout. It’s estimated that U.S. DDA application fraud losses due to first-and third-party fraud will grow to $694 million by 2020. By leveraging InAuth’s device ID and elements to score risk on the opening of an account, enrollment in online or mobile banking, or enrollment in a P2P program, you can gain greater insight into the trustworthiness and reputation of the device, allowing better decision-making around approvals.
SECURE STEP-UP AUTHENTICATION
Traditional step-up authentication methods, like one-time passcodes delivered through SMS, are inherently insecure and a poor experience for your customers. Give your customers a better experience—one that is secure and specific for that user. InAuthenticate pushes secure, encrypted messages to your business app on a trusted device, allowing the customer to verify a transaction seamlessly. The message can only be delivered to the intended, trusted device and allows for secure communication between your customer and your business.
MOBILE WALLETS / CASHLESS PROGRAMS
Ineffective authentication of credit cards provisioned to mobile wallets and cashless programs have resulted in dramatically-increased fraud rates at some banks. InAuth can enhance the success percentages of credit card loads into any mobile wallet, cashless program, or loyalty program by ensuring that the device is trusted. By leveraging InAuth’s device ID and elements to score risk, including detection of velocity attacks, you can gain greater insight into the trustworthiness and reputation of the device, allowing better decision-making for account opening and card enrollment.
InAuth uses deep location lookups to uncover device anomalies or inconsistencies, such as geo-location inconsistencies, new location, GPS disabled, geo-radius. Understanding geo-location patterns specific to your business policies enables more trust with your customers, allowing you challenge them less, and provide a more frictionless, seamless banking experience.
FULLY-FEATURED MOBILE EXPERIENCE
Knowing the device is used by a ‘good’ customer and that it is operating within normal tolerances means the bank ‘knows’ the device as part of 2FA. Once a device is trusted, banks can offer a fully-featured mobile experience including the ability to add payees, make high-value transfers, make remote deposits, etc.
InAuth provides the ability to score device risk according to your individual fraud policies. We provide device confidence scoring on every transaction and login in real-time, allowing for batch-event investigation or real-time blocking. InAuth also provides raw data from the device that can be applied into any existing back-end system in your environment via RESTful services APIs in order to better understand device trustworthiness and act according to your specific organizational policies—allowing, denying, or requiring additional authentication.
REDUCED OPERATIONAL COSTS
Through our InPermID and risk assessment capabilities, InAuth enables you to use the mobile device as a trusted token, lessening the reliance on costly and ineffective channels, like SMS and call center.
REDUCED CHALLENGE RATES
Once a user or account is tied to an InAuth device ID, and businesses are able to lower challenge rates for return users and make better decisions on who and when to enforce additional authentication measures. Used in conjunction with other security practices, Inauth’s device ID can do away with step-up challenge questions (ex. “What is your mother’s maiden name?”) or one-time passcode processes entirely.
This InAuth White Paper takes a look at some specific sections of the FFIEC recommendation to illustrate how next-generation device intelligence technology like InAuth can enable FIs to mitigate risk in the mobile channel.
This white paper will examine “Know YourDevice” (KYD) as a method to not only protect against fraud, but also enhance your customer’s digital channel experiences and compete in a crowded marketplace.