When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems start. That way, banks can launch products and services that keep customers engaged and draw new ones.

Banks looking to grow and expand should proactively consider how fraud concerns impact achieving their goals. La Banque Postale (LBP) saw firsthand the need for risk assessment as it began working to attract more young customers and was named one of the top three banks in France.

However, banks cannot protect their accounts and infrastructure without knowing their risk level as well as specific vulnerabilities. Security begins with a complete and comprehensive risk assessment. With that firmly grasped, then organizations can take the next step to prevent or stop attacks and fraud. Risk and fraud are constantly evolving, too. Financial institutions now often team up with trusted partners who specialize in financial cybersecurity. That way, they can focus on their main goal – providing great service to their customers.

French Bank Faces Account Takeover Fraud

As they set out to achieve their goals, LBP realized they needed to move to full Instant Payment (IP) in less than an hour across all payment types. For a successful and secure IP rollout, the bank knew that it must have a strong fraud prevention strategy in place. The ultimate goal: fraud-free online banking.

Because its past fraud incidents stemmed from unauthorized account access, the team wanted to prevent attacks from happening. However, multiple log-in attempts may happen at the same time, making it challenging to stop attacks in real-time. The team realized that the key was using a scoring system for each login session. That could determine which login attempts were high risk. They could then devote the resources to preventing high-risk attempts, which increased the likelihood of success.

When they started the project, LBP set realistic goals for the project to help determine success. Of course, the bank wanted to reduce the costs of online fraud. At the same time, the bank also wanted to avoid the costs of renovating payment factories. They planned to do it by investing again in innovative IP deployment and fraud protection. LBP wanted to improve customers’ time with the bank while at the same time reducing costs. They knew that addressing the issue was not a short-term project, but a long-term focus.

Selecting a Risk Confidence Solution to Bolster IAM

A wide range of risk confidence solutions is currently on the market at a variety of price points and features. However, banks must carefully select the right tool for their specific needs. This ensures that they are correctly assessing risk and that the tool integrates with other IT systems. When LBP began looking for a tool, their top need was a complete, in-depth fraud protection and authentication solution that could address the requirements. After a careful search, they selected IBM.

Specific features to look for include:

  • Cloud-based: The tool must detect attempts across multiple channels. So, the solution must be cloud-based to provide the coverage needed for the wide range of ways customers and threat actors access bank accounts. Additionally, cloud-based solutions allow employees to access the tools from wherever they are working that day, including their mobile devices.
  • Uses AI: Attackers are increasingly using AI-based tools to take over accounts and commit fraud. Without using predictive technology, banks find it increasingly hard to spot vulnerabilities and assess risk. Otherwise, your bank reacts to attacks instead of proactively predicting risk and potential vulnerabilities. By using AI-based technology, LBP can now spot fraud happening in real-time and limit the damage by intervening.
  • Anomaly detection: Threat actors are often very sophisticated in their approach. However, their patterns typically vary ever so slightly from the account owner. With anomaly detection, the tool uses AI to uncover deviations based on device hygiene and network characteristics. Even subtle differences such as typing speed can be detected with behavioral biometrics.
  • Fits into zero trust framework: Hybrid and remote work are changing the surface area banks need to protect. The zero trust approach provides the best protection for the way that bank employees currently work. Zero trust, which is a collection of technologies used together, starts with the mindset that each user must prove that they are authorized. Identity and access management (IAM) serves as a cornerstone of zero trust by establishing that the user is authorized.
  • Fraud patterns: Attackers always change how they do business. When you use a tool that continually updates its algorithm with the latest fraud patterns used in other attacks, such as spoofing attributes, malware infections and non-human behavior, you can more accurately spot potential risks.
  • Consortium data: By using a trusted partner that is always creating new research and data, your bank benefits from the targeted protections deployed by the IBM Security research consortium.

Importance of Fraud Protection

After assessing risk with a tool like this, the next step is to effectively prevent fraud by denying access. As banks move through their digital transformation, they see more fraud and account takeovers.

LBP selecting IBM Security Verify Trust to both assess risk and prevent fraud allowed the bank to then confidently launch the first IP program to their customers. LBP improved its customer image by setting up full instant payment without additional fraud. Users now had the convenience of free and faster payments without security concerns.

By becoming the first bank to fully deploy free instant payments, other banks will likely follow, which means customers across the globe will benefit. As your bank looks to continue its digital transformation by moving existing processes to digital channels and offering a new customer experience, now is the time to follow LBP’s lead and assess your current risk. By getting the tools and processes needed to assess risk and prevent fraud, your bank can focus on its digital transformation and provide the personalized experiences that your customers expect. You can then move towards your goal of a fraud-free online experience and becoming a digitally focused bank.

More from Banking & Finance

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…

What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

On March 9, the U.S. Securities and Exchange Commission (SEC) announced a new set of proposed rules for cybersecurity risk management, strategy and incident disclosure for public companies. One intent of the rule changes is to provide “consistent, comparable and decision-useful” information to investors. Not yet adopted, these new rules – published in the Federal Register on March 23 – could change reporting requirements. Take a look at some of the big-ticket items and what your organization needs to know.…

SEC Proposes New Cybersecurity Rules for Financial Services

Proposed new policies from the Securities and Exchange Commission (SEC) could spell changes for how financial services firms handle cybersecurity. On Feb. 9, the SEC voted to propose cybersecurity risk management policies for registered investment advisers, registered investment companies and business development companies (funds). Next, the proposal will go through a public comment period until May 9.  The Importance of Cybersecurity in Finance The 2021 X-Force Threat Index found that financial services were the most targeted industry. Manufacturing beat out…