The payments industry is beginning to leverage broader digital risk signals to better detect and mitigate fraud and scams. Legacy fraud detection traditionally has relied heavily on rules-based systems that are less able to detect evolving threats, such as fraud caused by generative artificial intelligence (AI), deepfakes and other relatively new technologies.
In comparison, a multi-layered approach that combines more advanced risk signals and verification methods allows for more effective customer security than any single solution. This approach may include one or more of the following “digital defenders.”
Using biometrics to verify financial institution users
Facial scans, fingerprints, voice recognition and other physical biometrics can securely connect the authorized user with the device itself and the financial institution’s app or portal. In addition, behavioral biometrics — which analyze how authorized users interact with a device to continuously verify their interactions — have proven highly effective in detecting and preventing fraud.
Employing device intelligence to protect users
Risk signals can be collected directly from devices. Is the device’s user on a specific app or on a phone call? Does the reported screen size match the associated device? Is the Internet Protocol (IP) address known to be associated with fraud? In addition, risk signals can be derived from the user’s interaction with the device, such as whether the device login geolocation is farther from a cell tower location than would normally be expected.

Risk-based multi-factor authentication (MFA) for financial institutions
When using risk-based MFA, an organization takes a transaction’s risk level into account when determining whether — or what type of — MFA to use to authenticate a user. For example, risk-based MFA may look at patterns related to the transaction value or whether the time of the transaction is unexpected for the account or device user. As a result, risk-based MFA is likely to generate fewer, more nuanced authentication requests, which creates a better customer experience.
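The sketch below is an added example, not code from the article or any vendor. It shows how the device and transaction signals described above could be combined into a step-up decision. The weights, thresholds, field names and sample data are all assumptions chosen for illustration.

```python
import math
from statistics import mean, pstdev

# Constructed sample data (not from the article): account history, IP blocklist, one transaction.
HISTORY = [{"amount": 40.0, "hour": 12}, {"amount": 55.0, "hour": 18},
           {"amount": 35.0, "hour": 9}, {"amount": 60.0, "hour": 13}]
BAD_IPS = {"203.0.113.7"}  # documentation-range address
ROUTINE = {"amount": 50.0, "hour": 14, "ip": "198.51.100.10", "on_call": False,
           "login_geo": (40.71, -74.00), "tower_geo": (40.73, -73.99)}

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def hour_gap(hour, usual_hours):
    """Smallest circular distance in hours to any hour the account normally transacts."""
    return min(min((hour - u) % 24, (u - hour) % 24) for u in usual_hours)

def risk_signals(txn, history=HISTORY, bad_ips=BAD_IPS):
    """Return [(points, reason)] for each signal that fires. Weights are assumptions."""
    amounts = [h["amount"] for h in history]
    z = (txn["amount"] - mean(amounts)) / (pstdev(amounts) or 1.0)
    geo_km = haversine_km(txn["login_geo"], txn["tower_geo"])
    checks = [
        (30, "amount far above account norm", z > 3),
        (20, "unusual time of day", hour_gap(txn["hour"], {h["hour"] for h in history}) > 3),
        (40, "IP associated with fraud", txn["ip"] in bad_ips),
        (30, "login far from cell tower", geo_km > 50),
        (20, "user on a phone call", txn["on_call"]),
    ]
    return [(pts, why) for pts, why, fired in checks if fired]

def mfa_decision(txn):
    """Pick the authentication step from the summed risk: none, one-time code, or biometric."""
    score = sum(pts for pts, _ in risk_signals(txn))
    if score < 30:
        return "allow", score
    if score < 60:
        return "otp", score
    return "biometric", score

if __name__ == "__main__":
    print(mfa_decision(ROUTINE), risk_signals(ROUTINE))
```

Low-risk transactions pass without a challenge, which is where the reduction in authentication requests comes from. The list of reasons returned by `risk_signals` can also feed a customer-facing alert.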
Customized risk notifications
Instead of generic warnings, financial institutions can use sophisticated analytics to deliver personalized alerts based on the payee’s name, transaction amount, reason for the alert, or other specific details of suspicious transactions. These alerts require direct, verifiable responses from customers to ensure the authorized account owner is making the transaction in question.
In combination with these digital defenders, educating and empowering customers can help them actively protect their accounts — and themselves — from manipulation by criminals attempting to commit fraud and scams.