By Farkas Rabai, technical product manager, One Identity
With one third of cybersecurity incidents being identified as previously unseen threats, companies including financial institutions struggle to defend themselves from an enemy they can’t visualise and whose techniques and attack methods are still unknown. One of the ways the financial sector can get ahead of the curve and strengthen their security posture is the use of behavioural biometrics.
The sophistication of attacks is on a constant incline. Determined attackers can often integrate numerous components to gradually infiltrate their victim’s network and launch a discreet attack or, on the contrary, launch a vast attack at the most opportune moment. Very often, one of the main vectors is the violation of a user account (a regular user or an administrator with privileged access) via phishing attacks, for example. The reason is simple: if the attacker succeeds in posing as a legitimate user – or if the attacker himself is a collaborator – it becomes difficult to detect that his actions are malicious.
But in recent years, a counter-offensive has been launched thanks to machine learning and behavioural biometric technologies, which reduce the advantage that cybercriminals have gained over defenders over time.
The rise of biometrics
Biometrics refer to measurements related to human characteristics. The uniqueness of certain characteristics, such as fingerprints and irises, makes them a potential way to identify individuals with accuracy, without the risk of a password being stolen or a code forgotten. Most people are familiar with physical biometrics. However, hackers have discovered clever ways to steal or duplicate fingerprints. For example, it is possible to take a picture of the glass a person has touched and create a fingerprint with a 3D printer. Behavioural biometrics, as opposed to physical biometrics, is a new and effective defence against cybercriminals. Our physical traits are not the only things that make us unique. The way we speak, type or write can distinguish one individual from another as reliably as fingerprints.
The evolution of biometrics: reading behaviour
Behavioural biometrics are an effective form of authentication for a number of reasons. First, because of its accuracy, it is more secure than physical biometrics. Indeed, because of its nature, behavioural biometric data is unlikely to be stolen or replicated by another person or machine.
As its name suggests, it allows for the monitoring of behavioural patterns. How can it be used? Machine learning technology will analyse a user’s behaviour for several weeks to create a profile of its own. Once the technology is operational, it becomes capable of detecting any deviation in behaviour by observing and correlating dozens of factors. And because it is executed using algorithms, it is constantly being improved.
The data examined includes mouse movement, typing style, IP address, computer or applications used, etc. The software analyses and records the behavioural patterns of individuals and groups. With a behavioural biometric scoring system ranging from zero to 100, companies can easily assess the risk involved. The closer the score is to 100, the higher the level of risk.
How do Behavioural Biometrics work?
The principle at the basis of behavioural biometrics is to set up a baseline profile for a privileged user or account. This baseline contains, in a way, the connection habits, for example, the time of connection, the systems accessed, the browser used, etc., but also biometric data that is unique to each individual.
The risk score will be between 0 and 20 when an employee maintains his or her work habits. However, if the employee logs on to the system at 2 a.m., which is abnormal behaviour, the biometric system will then trigger a signal and the score will be raised to around 40. If, once connected to his or her computer, he or she follows the usual behavioural pattern (similar portal, same way of clicking, etc.), the system will not shut down.
If the score is higher than 50, for example, the security team will receive a notification, which allows it to investigate further. Since the score is divided into different algorithms and each factor is weighted differently, it is possible that the night-time logon may have generated a security alert, but since the behavioural pattern is verified, the security team can conclude that there is no obvious malicious behaviour. This helps to ensure that operations run smoothly and provides staff with a high degree of flexibility in their work.
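A minimal sketch of the weighted scoring described above, added here as an illustration and not One Identity's algorithm. The three factors, their weights, the 3-standard-deviation cap and the session history are all assumptions or constructed sample data; only the 0 to 100 scale and the notification level of 50 come from the article.

```python
from statistics import mean, pstdev

# Constructed history for one privileged account:
# (logon hour, target host, mean milliseconds between keystrokes)
HISTORY = [(9, "db01", 182), (8, "db01", 175), (10, "app02", 190),
           (9, "db01", 178), (9, "app02", 185), (8, "db01", 180)]

# Assumed weights; the article only says each factor is weighted differently.
WEIGHTS = {"hour": 0.4, "host": 0.2, "typing": 0.4}
ALERT_THRESHOLD = 50  # the article's example notification level


def build_baseline(history):
    """Summarise past sessions into the per-user baseline profile."""
    hours = [h for h, _, _ in history]
    gaps = [g for _, _, g in history]
    return {  # the 1.0 floor keeps very regular users from dividing by ~0
        "hour_mean": mean(hours), "hour_sd": max(pstdev(hours), 1.0),
        "hosts": {host for _, host, _ in history},
        "gap_mean": mean(gaps), "gap_sd": max(pstdev(gaps), 1.0),
    }


def scaled(distance, sd, cap=3.0):
    """Map a distance in standard deviations to 0..1, saturating at `cap`."""
    return min(distance / sd, cap) / cap


def risk_score(baseline, hour, host, gap_ms):
    """Return (score 0-100, per-factor anomaly values) for one session."""
    diff = abs(hour - baseline["hour_mean"])
    hour_dist = min(diff, 24 - diff)  # circular: 23:00 and 01:00 are 2 h apart
    factors = {
        "hour": scaled(hour_dist, baseline["hour_sd"]),
        "host": 0.0 if host in baseline["hosts"] else 1.0,
        "typing": scaled(abs(gap_ms - baseline["gap_mean"]), baseline["gap_sd"]),
    }
    score = round(100 * sum(WEIGHTS[k] * v for k, v in factors.items()))
    return score, factors


def triage(score):
    return "notify security team" if score > ALERT_THRESHOLD else "no alert"


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    sessions = {"usual habits": (9, "db01", 183),
                "2 a.m., usual typing": (2, "db01", 183),
                "2 a.m., new host, different typing": (2, "fs09", 120)}
    for label, session in sessions.items():
        score, factors = risk_score(base, *session)
        print(f"{label}: {score} -> {triage(score)} {factors}")
```

Returning the per-factor values alongside the score lets an analyst see that a night-time logon alone drove the number up while typing rhythm still matched the baseline.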
Unfortunately, there is no panacea in cybersecurity, and no solution will ever be completely secure from all types of attack. Given the tools currently available, however, behavioural biometrics seem the most reliable way to identify users with critical security clearances and access privileges – after all, security starts with identity.
WHY DIGITAL TRANSFORMATION IN FINANCIAL SERVICES IS ABOUT CULTURE FIRST, TECH SECOND
Stuart Templeton, Head of UK at Slack
In today’s world, there’s no such thing as a ‘non-tech fin’. Every financial services company needs to consider itself a fintech in order to bring about the innovation, speed, and transparency that customers expect, and that’s why most are pumping significant investment into their digital transformation efforts.
Part of the challenge faced by traditional incumbent banks is that they rely on legacy core systems that stifle the speed of change. These core systems were not built in an API first era. The good news of course is that the obligations of PSD2 and open banking have gone some way to facilitate future innovation.
While legacy banking platforms do continue to present a technical challenge, the human one can be even greater. Traditional institutions are often faced with the prospect of rebuilding their culture from scratch in the pursuit of becoming digital-first. Like many industries, the fundamental challenge is one of coordination: the creation and maintenance of alignment over time.
Couple this with the fact that the expectations of today’s workforce are changing, and companies in the industry have a real job on their hands. A growing percentage are digital natives, and millennials – who greatly value trust and transparency – make up the largest proportion of the workforce today. So how have businesses in the industry historically ingrained culture, and how does this need to change?
Old ways of working – Team A, and Team B
Traditionally, the culture within large financial organisations has been separated by two distinct teams: operations, and tech. They are driven by seemingly opposing forces – one by GANTT charts and lofty business goals, the other by agile software delivery and customer obsession. Often, the two don’t even speak the same language, let alone collaborate and share ideas. Of course there are digital projects, but they aren’t the embodiment of the business, and often tech teams find themselves battling to get buy-in from internal stakeholders who are somewhat removed from those that drive innovation.
Part of the problem is even the notion of having digital transformation projects – there is no such thing in today’s environment – as digital is an overarching movement, and financial services institutions must think of themselves as ‘digital factories’ in order to see a marked change. It is no longer enough to deliver tech updates both internally and externally once every few months, with speed diminished by layers of bureaucracy.
What needs to happen, then, is that these two business segments need to find a way to blend that helps the old incumbents forget their binary ideas of teamship from time gone by and instead let them come together to become one unit. Flattening the established hierarchy so that workers from across all lines of the business can communicate, share ideas and identify problems in real-time is, after all, the key to addressing the transformation gap. They need to think on their feet and iterate as they go: it’s agile thinking, but permeating outside of just the software delivery cycle.
Eating the elephant – one bite at a time
The solution, in theory, is relatively simple: companies need to break open the silos of information created by technologies like email and ensure anyone within a business has access to the knowledge and skills they need to make their projects a success. But of course, in practicality, this can present a seemingly insurmountable task.
Using technology to create an agile and transparent working environment that fosters collaboration is key for many financial services organisations that want to see real tangible results from their investments. Digital natives such as TransferWise and Starling Bank are getting this right by prioritising a decentralised business model, one that empowers collaborative working and knowledge sharing that in turn has a positive impact on employee satisfaction and retention.
They do this through collaboration hubs that provide a rich, permanent, searchable record of knowledge for everyone in the organisation.
Looking ahead: Team ‘us’
Predictions are very difficult, but in five years’ time we can expect to see a greatly altered perception of the financial services industry. We can expect that digital communications tools will continue to play an integral role in the evolution of their workforce culture, helping to bring the right people together internally within the business, as well as strengthening relationships externally with partners and customers alike.
Ultimately, in order to keep learning and improving, banks need to ask questions of themselves as competition and customer demand become more fierce: “Why are we doing this?” “What’s the benefit here, and who are we considering in the pursuit of this goal?”
To answer these things, a culture of collaboration and openness is key – underpinned, of course, by the tools that empower it.
DISPELLING BIOMETRIC MYTHS AND MISCONCEPTIONS
By Lina Andolf-Orup, Head of Marketing at Fingerprints
Gangsters cutting off enemies’ fingers to access secret locations and spies lifting fingerprints from martini glasses – the imagination of the entertainment world has been running wild ever since biometrics entered the scene.
Couple that with the limitations of some early biometric solutions from fifteen years ago, still anchored in the minds of many consumers, and you have the perfect recipe for an apprehensive and uncertain public.
Thawing lukewarm attitudes with a biometric touch
The biometrics industry has made great strides in the last few years – something particularly true for smartphones. Fingerprint authentication has replaced PINs and passwords as the most popular way to authenticate on mobile, with 70% of shipped smartphones now featuring biometrics.
And it doesn’t end there. Many adjacent markets are now eager to benefit from the secure and convenient authentication solutions that biometrics offer. Take the payments industry, for example, where biometrics payment cards are currently gathering real momentum.
However, some consumers are still uneasy about accepting biometrics. A recent study found that 56% of US and EU consumers are concerned about the switch to biometrics as it’s not understood well enough to be trusted.
Although attitudes are shifting for the better, stats like this demonstrate there is still some work to do to disprove common biometric myths and showcase just how smart today’s solutions really are.
Dispel, adopt, repeat
The evolution in consumer biometrics in the last two decades has been phenomenal. And today’s solutions are far more advanced and safe than many may think.
To help bring an end to the myths, let’s expose some of the most common misconceptions around biometrics.
Myth: Biometric data is stored as images in easy-to-hack databases.
A leading myth about biometrics is that when a fingerprint is registered to a device, it is stored as an image of the actual fingerprint. This image can then be stolen and used across applications. In reality, the biometric data is stored as a template in binary code – put simply, encrypted 0s and 1s. Storing a mathematical representation rather than an image makes hacking considerably more challenging. In most consumer applications, this template is also not stored in a cloud-based location; it’s securely hosted in hardware on the device itself, for example in the smartphone or the payment card. Thus, it stays privately with its owner.
Myth: Fingerprints can be easily replicated to ‘trick’ devices.
The internet is full of articles and videos that claim it is possible to use materials from cello tape to gummy bears to craft fingerprint spoofs and access biometric systems. Although there may have been a time when gummy bear spoofing was the go-to party trick, today’s consumer biometric authentication solutions have too many technological defences, such as improved image quality and matching algorithms, to simply ‘trick’ devices. Plus, on top of this, the criminal needs to have access to the person’s device where this fingerprint is enrolled, e.g. smartphone or payment card, before he/she notices and blocks it. This is neither scalable nor common, in comparison to gaining access to someone’s PIN code or skimming a contactless card.
Myth: Physical change will prohibit access to my device.
Although our irises don’t change as we age, our fingerprints can and our faces will. Does that mean we have to update our biometric devices every few months to capture these changes? Not quite! Unless there are drastic, sudden changes, the ‘self-learning’ algorithms in modern-day biometric systems are able to keep up with our developing looks.
Who you gonna call? Mythbusters!
These are just some of the common biometric myths and misunderstandings perpetuating in consumer mindsets. Thankfully, though, while we’re working hard to rid the world of the myths, belief in the value of biometrics is only expected to grow. But as solutions expand and diversify, the myth-busting fight will continue.
Fingerprints has been a leader of innovation in biometrics for the last two decades. We’re proud of the expertise and R&D we’ve been able to pour into our biometrics solutions to deliver stronger security and a better user-experience. To learn more about the most common biometric misconceptions and the modern-day technology that allows us to dispel them, download our eBook here.