Secure identity management is key to reducing bank fraud

Like most organisations, most of the fraud experienced by banks is committed by employees.

February 4, 2014

As the custodians of monetary value, banks have always attracted fraudsters. Like most organisations, most of the fraud experienced by banks is committed by employees, but they also attract the unwelcome attention of fraudsters outside of their organisations. These external fraudsters are often members of organised crime syndicates.

For an increasing number of banks, the answer to both problems is proving to be identity management using biometrics.

Internally, banks are already using the Home Affairs database to establish employee identities and then performing screening to establish criminal and other records. The next wave of activity will be to use biometrics to link specific employees with each material transaction that they undertake on the bank’s systems, so that any fraud can be readily identified and the perpetrator brought to book. Known as “non-repudiation”, this type of system also acts as a powerful deterrent.

When it comes to external threats, banks face even more severe challenges. Commerce and banking have increasingly dematerialised, and now the majority of financial transactions take place virtually or via ATMs. In this digital environment, the difficulty of establishing identity digitally has proved to be a bonanza for criminals.

Banks are the victims of fraud in three main areas: at the ATM, online banking and e-commerce, and the fraudulent use of cards in the retail environment.

“In each of these areas, biometrics has a key role to play in establishing that the person undertaking a particular transaction is in fact who he says he is. This is hard to do in an increasingly digitised banking and commercial environment, particularly at the time of the transaction,” observes Nick Perkins, division director: Identity Management at Bytes Systems Integration. “Biometrics holds the key.”

ATMs are one area of vulnerability where banks are already starting to move towards using biometric identification, rather than just a PIN, a move that could potentially eliminate the vast majority of fraud in this banking channel.

Securing the online banking and e-commerce environment is harder. One-time passwords are more effective than CWV numbers but remain vulnerable. Perkins says that banks are starting to plan for providing clients with biometric readers for their computing devices to authenticate transactions both for online banking and for purchases on third-party sites.

The real-world retail environment is another area where banks continue to experience fraud, despite the widespread use of chip cards using PINs.

“Both the card and PIN can fall into the wrong hands. Again, biometric information on the card that can be matched with the person presenting it is the next step,” Perkins concludes. “Biometrics offer a failsafe way of ensuring that the person making a particular transaction is entitled to do so. And because it’s technology-based, this solution can be automated to eliminate human error. The technology is now mature and we will start to see it being deployed more widely in the near future, particularly with the incidence of fraud set to grow as cybercrime becomes more prevalent.”