“The bigger the bullet, the thicker the armor”

If there is one unwelcome constant in payments, it is fraud.
Recently, fraud has multiplied, with social engineering scams and others outpacing traditional fraud prevention measures.
To fight fraudsters, financial institutions (FIs) especially need to adopt a positive, holistic approach to security and scam protection, Entersekt CEO Schalk Nolte told PYMNTS. This means using behavioral analysis and other risk signals to determine the context and effectively strengthen defenses when necessary to protect consumers and ensure an optimal payment experience.
Given that e-commerce and banking are intertwined, it's not easy.
“Humans are still the weakest point of attack, and it's a terrible world,” Nolte said.
In the post-construction era, banks often interact with customers to improve security. Many FIs have two-factor authentication, push notifications, or FIDO passkeys.
“They have all these things, but there is no integration,” Nolte said. “Each type of attack requires different responses and different approaches.”
Beyond MFA
He said Entersekt’s roots lie in multifactor authentication (MFA), but relying solely on push-based proof of authentication proves a limited defense in an era when hackers can intercept text messages or lure victims into hitting “send” and losing money in a heartbeat.
Scammers are good at imitating bank employees via phone and text to convince their targets that a payment is needed right now. Human nature being what it is, individuals may panic and succumb to the pressure. Behavioral analysis used on its own may verify the devices used in e-commerce, but it may allow fraudulent transactions to pass or, on the other hand, block a real account holder, causing frustration.
The bigger the bullet, the thicker the armor required. That thicker armor comes from verifying transactions and individuals through a layered approach. Nolte said Entersekt has been deploying behavioral analysis and context metrics to gather signals that can indicate whether the phone is being manipulated.
Geolocation provides another line of security. For example, it is impossible for a Miami user to start a transaction from Myanmar. He said the layered approach passes signals from one “type” of defense to another and tells the FI when it should step up friction and involve the customer to give final permission for the transaction.
“You can't just use one type of solution,” Nolte said, adding, “if you can use a platform that takes advantage of all this stuff together,” like Entersekt, “and you can integrate them, it's very effective.”
“If we look closely, this is you, but the transaction originates from a different channel than other locations. So let's not only do behavioral analysis, but let's do close to validation somewhere, where we ask customers to see if they can scan the screen in front of them because they won't scan anywhere else.”
The effectiveness of the Entersekt method is reflected in the numbers. Nolte recounted how large FI customers in the U.S. saw payment fraud drop by 99% after deploying the Entersekt platform, while the login is “98% frictionless.” In another case, at a smaller FI, Zelle and account takeover fraud rates fell by 90%, while allowing for higher authorization rates.
“We want to make sure that FIS is as easy as possible to find it as easily as possible.