Omnichannel banking needs omnisecurity

As financial institutions move toward providing consistent customer experiences across online, mobile, card, and other channels—the so-called omnichannel experience—they need to make sure their security preparations also cross all their business silos.

Speaking during a webinar sponsored by Aite Group and Encap Security, Adam Dolby, vice president, Business Development, Encap Security, says “You need to take a look not just at authenticating any individual silo, but looking at how to protect the entirety of the customer experience. Rethinking the authentication equation really means continually improving and securing the customers across all of their experiences with the bank.”

Julie Conroy, research director of Retail Banking, Aite, provides a sobering recap of the threat. Aite research estimates that almost 58 million unique strains of online malware were released in 2013, up from 37 million in 2012. “That means that the bad guys were coming up with 180,000 new strains of malware a day. The year before, that number was 95,000 a day. The trajectory is increasing at a rapid pace.”

Aite predicts about 82 million new malware strains by the end of this year, and up to 166 million new strains by the end of 2017. Conroy notes a new and insidious increase in the number of malware strains targeted toward mobile applications, with 3.7 million strains detected this year.

“As mobile transaction values increase, as there are increasing numbers of high-risk transactions going to the mobile channel, the criminals realize that. While the numbers now are small compared to the total number of malware strains, we saw a 200% increase in mobile malware strains from 2012 to 2013,” she says.

In relation to the number of recent high-profile payments breaches, Dolby says it’s not just a matter of protecting the customers’ interaction with their banks. “Even when there’s a compromise of card data that isn’t the financial institution’s fault, the challenge is…they view it as the financial institution’s responsibility to protect the access to their funds,” he says. Again, he notes, “what you have to think of in this space is how to protect the customer at all points.”

Conroy ran down a list of attributes that successful solutions to this problem will include:

• Apply layered strategies—“Don’t rely on any one specific point solution because the bad guys have proven capable of getting past any one particular guard dog at the door.”
• Integrate fraud mitigation capabilities across channels—“It’s not just credit cards that are under pressure. The criminals are attacking banks across multiple silos, across the multiple engagement channels. Online. Mobile. Call centers. A successful solution needs to have the ability to take that same omnichannel and omniproduct approach.”
• Create a uniform customer experience across products—“As your customers engage with you make sure they are not getting an entirely different experience with their credit card via the online channel than they are with their online banking via the mobile channel.”
• Have minimal impact on the customer experience—“Consumers don’t have a lot of patience for friction. Everybody is looking to balance security with the impact on that customer experience.”
• Bring the security to the transaction level—“The bad guys have proven capable of blowing past session-based security or anything that’s just based on the perimeter.”
• Include a well-designed feedback loop—“Have [a mechanism] that can analyze how they got through and how you can prevent it from happening again.”
• Continual evolution—“There is no destination with fraud prevention. The criminals behind the attacks are very well funded. They are smart. They are nimble. They don’t have to make a business case to deploy their attacks. You have to continue to evolve your defenses to keep up with their attacks.”