SAS report: Banks must balance convenience with security

Speed and convenience of digital services benefit customers and fraudsters alike

Immediate access to credit. Mobile remote deposits. Rapidly clearing payments. So many added conveniences from banks and financial service providers make it easy for customers to access money quickly. Unfortunately, they do the same for fraudsters.

A report from analytics leader SAS and Javelin Strategy & Research, 2016 Digital Channel Threat Report: Derisking Convenience, reveals that digital channels are opening up unanticipated points of weakness for banks.

The EMV effect

EMV, also known as the “chip card,” looks to prevent point-of-sale and physical card threats. When the UK and European countries introduced EMV more than 10 years ago there was a different digital landscape. While EMV is still deterring criminals with its launch in the US from the standpoint of physical card fraud, the increase in digital channels is allowing other non-card schemes to arise. Now, seemingly endless digital options – wildly popular with consumers – open up alternate routes for fraudsters.

Look at the increased proportion of checking accounts opened digitally – up from 49 percent in 2014 to 70 percent in 2015. The simultaneous surge in new-account fraud – more than double the number of victims experienced new credit card account fraud in 2015 compared to 2014 – is no coincidence.

More mobile wallets, more inroads for fraud

Mobile wallets will only continue to increase in popularity in the coming years. By 2019, mobile wallet users are projected to reach nearly 90 million. The trend creates attractive opportunities for banks to gain and retain customers by offering bank-branded mobile wallets and services. Those that fall behind risk losing customers to competitors perceived as more tech-savvy.  

But the appeal is equally powerful for fraudsters. For example, the rapidly expanding capability to use a mobile device for transactions makes a stolen smartphone worth more on the black market. Then there’s “wallet takeover” or “device takeover” – when an unauthorized party logs into a financial account in a mobile wallet or installs an existing wallet on their own device. Because the fraudster is now in control of communication channels for the account, regaining control of that account is particularly challenging.

Disconnect between consumer sense of responsibility and action

The survey points to a heightened awareness among consumers of personal responsibility for the security of their banking data. About 46 percent say they personally bear the most responsibility for preventing fraud. Just 17 percent put the brunt of responsibility on financial institutions.

Yet despite owning responsibility, many customers fail to protect themselves in the simplest of ways. For example, less than a third of smartphone owners surveyed use mobile anti-virus or anti-malware software on their phones. Only a quarter change their mobile passwords periodically.

Three steps to a balanced fraud approach

SAS identifies three proven ways financial institutions can balance customer desires against fraud protection:

  • Solutions – Focus on security investments that carry the most reward, like device recognition, geolocation and biometrics. These are substantially tougher for fraudsters to intercept or falsify than SMS one-time passwords.
  • Analytics – Insights into behaviors, transactions and customer interactions are central to curtailing digital fraud channels and decreasing false positives.
  • Personnel – No security system can excel without properly trained personnel to operate it. Security staff need to stay up-to-date on innovative technology, ahead of new fraud schemes and mindful of customer needs.

“Most customers want to proactively protect themselves from fraudsters. Banks often think they’re doing everything they can to help their customers,” says Ian Holmes, Banking Fraud Solutions Manager at SAS, “but a little hand holding can go a long way to bring customers on board. Banks that break down barriers between customer-facing teams and risk and fraud operations will see the greatest benefit. That’s how to avoid simply pushing out technology without due diligence and proper education.”

To learn more, download the full report – 2016 Digital Channel Threat Report: Derisking Convenience – and visit the SAS Fraud and Security Intelligence web page. 

About SAS

SAS is a global leader in data and AI. With SAS software and industry-specific solutions, organizations transform data into trusted decisions. SAS gives you THE POWER TO KNOW®.

Editorial contacts: