Frictionless Fraud Mitigation: Best Practices in Identity Verification & Authentication

Arizent will survey leaders across the banking industry to better understand the best practices they are adopting to manage and mitigate fraud risks. Specific attention will be paid to the tools and technologies being deployed to verify and authenticate customer and employee identity while ensuring frictionless and secure experiences.


Transcription:

Janet King (00:10):
Good Morning everybody. It's great to be here. That was a great keynote. We're excited to get started. So I'm Janet King. I'm the VP of Research for American Banker, and I'm joined today by Cindy White, who's the Chief Marketing Officer for Mitek and Mitek offers enterprise grade identity and biometric solutions. So I'm really excited to have you here today. Cindy, welcome.

Cindy White (00:32):
Thank you, Janet, and lovely to be with all of you. I'm enjoying the research that we've done so far and I'm really excited to hold up a big mirror and show you what all of you collaborated on and the results of the research that we did together. And thank you to American Banker for having Mitek part of this event. It's really great to be here.

Janet King (00:54):
Yeah, thank you. So today for the basis of our discussion today, we're going to be looking at some new research that we're releasing actually today on American Banker, and it's on best practices for mitigating fraud with an emphasis on identity verification authentication. So we conducted this research in April and May, and we had 158 professionals from a mix of global, national, regional and community banks, plus some credit unions participate in the research. And our goal was really first and foremost to explore some of the best practices that banks and credit unions are adopting to manage and mitigate fraud risks. But our second goal was really to look at the tools and technologies that are in use to verify and authenticate customer identity and how those tools are being used to ensure low friction but secure experiences.

(01:51):
So just for a little bit of context on who took the survey, this was a mix of banks and credit unions of all sizes. We had about a third that were large global or national banks with assets of a hundred billion or more. About a quarter came from those regional and mid-size banks, between 10 billion and a hundred billion. So all told about half of the banks were in that 10 billion plus bucket. A majority of the respondents hold management level titles. And in fact, more than half of them have either senior management or executive level titles. And we screened everyone to make sure that they had some level of direct involvement or knowledge of their bank's risk fraud, identity verification, or cybersecurity efforts. So that's really all just to say that this dataset reflects the opinions of fraud and identity stakeholders from banks across the ecosystem. So Cindy, before we dive into the results, can you just take a minute to talk about why Mitek wanted to partner with us on this research?

Cindy White (02:58):
Of course. So Mitek is founded really to bridge the digital and the physical world. And we have this mission that is to really provide trust and convenience in every digital interaction. So when we learned about this research, we were like, this is exactly what we need to hear. We can't innovate in order to achieve on that promise. We can't truly get behind what the solutions need to be until we understand the pain points or we understand the challenges, the frustrations that you might be experiencing that our clients might be experiencing. So we specialize in solutions for highly regulated industries, and obviously this is exactly where banking, FinTech and so forth is. So it was a great partnership for us to come in and learn more about the challenges that you might be experiencing in your businesses.

Janet King (03:55):
Yeah, I think what I love about this kind of research is it really does provide that peer-based insights for everyone in the room. So you can really get a chance to see what folks just like yourselves are thinking about these topics. So let's dive in. So improving the customer experience has certainly been a focus for banks in recent years, and we've seen a really rapid acceleration in efforts to digitize the banking experience to make it easier for us to withdraw money, make electronic payments and whatnot. And sometimes those efforts may be aired a little bit on the side of convenience. And in fact, what we saw last year, we released our state of digital banking research and what we saw there is that reducing the risk of identity fraud was a key driver to their digital banking strategy, but it was six on the list of drivers for their digital strategy.

(04:51):
Now we ask that question a little differently in this research to be sure, but I think it's still comparable. And what we see now is when you ask banks what are your top customer experience priorities for the next 12 months, improving fraud prevention and mitigation is at the top of the list for banks of all types and sizes when you think about their customer experiences priorities. And Cindy, I'm certainly not suggesting that fraud has all of a sudden become a concern for banks. It's of course always been at the forefront of priorities. But I think what's interesting about this research is that it seems to mark a shift in thinking about fraud as a key driver of customer experience initiatives including digital initiatives. So it's now, I guess, at the center of the discussion and on par with a focus on convenience rather than something that's maybe being solved in silos. So what do you think is behind that convergence?

Cindy White (05:43):
Well, we heard a lot about gen AI just a few moments ago. I certainly believe gen AI is one of those. And the second one is that fraud is now not just at the front door, it's part of our lives. So let's just first go with GenAI, with the influx of consumers using GenAI in their everyday lives, they're used to these personalized experiences and GenAI comes with its benefits and its challenges from a fraud perspective. So when we think about just that personalization, fraudsters are going to be super smart and they're going to target exactly where pain is. And so consumers might have their guard down because they're using digital surfaces to get through their daily life, and when something is so targeted, they might be taking an action on that. So they're very, very attuned right now to deep fakes, to voice clones to these different elements of it.

(06:43):
And they're expecting banks to help protect them from these very, very prevalent threats that are taking place. So they're counting on the bank to use gen AI to fight the gen AI. The other part about it is that when you think about your digital interactions at any given day, it's not just about onboarding anymore. So for banks, it's not just about fraud at that threat at that point of onboarding, but it's about the fact that we have this really sophisticated thing in our pocket called a smartphone that allows me to do a bunch of things all the time. And so they're interacting with the banking app all the time. They might be checking their balance more frequently than they did before because it's that easy. They might be thinking about transferring some money and instead of doing it in a lump sum, they do it in bits and pieces because they can. And so fraud is everywhere because the surfaces are greater. So from a customer experience standpoint, the customers expect us to take care of fraud. If we are in the banking industry, if we are in the FinTech industry, the consumer is expecting us to take care of them, but they're also expecting the seamless gen AI beautiful experience. And so fraud and customer experience are now going hand in hand and we have to think about it in a really smart way so that we don't let them down.

Janet King (08:07):
And I think we are seeing that certainly come through in this research and other research we're doing. How do you think the regulatory environment's also impacting this?

Cindy White (08:15):
I also heard this morning from the McKinsey speaker around the role of regulation. If we are not going to do something about it, somebody's going to ask us to do something about it. And so I think we have a duty to work through what could that be? And when I think about biometrics, it's certainly something that our organization focuses on, and we are struggling as a ecosystem to understand what can we do with that biometric that we capture? How can we use it for greater convenience, but how can we also use it from a protection standpoint and how can we protect it because biometrics are safer than a password until they aren't, right? And so it's about how do we use that smartly and together and how do we feed the information that the regulators need so that they can put that right regulation in place.

Janet King (09:12):
So another thing we were curious to understand is for which types of customer interactions banks are most concerned about fraud, where are they most concerned about the risk from fraud? Because we know that fraud can happen at any point anywhere in the customer journey. And what we saw here, this was a rank order question. So they were asked to pick their top, their second, their third top, they're second, they're third. And the top concern most of the time is ongoing day-to-day interactions, right? Followed by those reverification moments where maybe you're doing an address change or something like that. And then product origination and onboarding. So what do you think about how banks are rank ordering their concerns here? And I guess I'd like to ask you to think about what does it tell us about where we are in the fight against fraud? How much progress have we made? Where do we still have to go?

Cindy White (09:58):
Sure. I always like to say that fraud attacks the weakest link. It's like going to just as you think you've got control over here, it's going to pop up somewhere else. And so the reason why we may be surprised with the results that you're seeing on the screen right now is that we have traditionally been tackling it at the onboarding process at origination, asking from an identity standpoint for that consumer to take a picture of themselves and then compare that to a document. And most of us have that identity verification process in place. And so we thought we had fraud handled at the onboarding stage. But the reason why I think this has come up is that now fraud is everywhere. In our organization, we call it, it's in life. And so we're interacting with digital accounts, not just bank accounts, but all of our digital accounts.

(10:55):
And we go from something as simple as opening our phone to unlock all of this access to interacting it, ordering an Uber, for instance, in our daily life, buying a ticket for something, downloading our agenda for today's meeting. And all of these things are digital interactions. And as consumers, we expect them to be seamless, but then they go from that into a banking app and they want that to be seamless too. And so fraudsters are thinking, well, hang on a second here. If I've got all of this data that you've just left online for me, I can collect it and then I can go and start using that in these day-to-day interactions because I'm making a whole of all of this data. So I call it the data breadcrumbs that we leave around when we open access to something that we don't think needs to be secure.

(11:48):
So we didn't really have a password on that, or we did something and we left our digital wallet open, and we didn't mean to do that, but we were in a hurry. We were buying a train ticket or we were buying something. So we left the digital wallet open. And so all the time, these fraudsters are working way harder than us 24 7, 365 all the time, figuring out how they can get all these little breadcrumbs of data and do something proficient with it so that they can impact our in life experiences. And I really feel for all the banks, because we've got so much to protect our consumers from, this is their financial freedom that we have in our hands. And now they're opening the door to that by just going in and checking their balance or going in and figuring out did they actually make that transaction? Can they Zelle something? Can they Venmo something, whatever the case may be. So it's hard, but it's now in life. It's part of our day. We switch between a bank app and we switch between something and a rideshare app or something like that.

Janet King (12:52):
Yeah, it's so interesting and so true. We're all moving so quickly and expecting that. So it's very, very steep challenge. And I mean technology, particularly technology that helps to identify and authenticate and verify customers is going to be an important tool in that fight. But what we found in the research is that a sizable proportion of banks are really not all that confident that the methods and tools that they're using specifically to verify and authenticate customers identities are keeping up with the pace of fraud. It's not surprising, right? Things are evolving so quickly and that relatively middling sort of level of confidence exists in an environment in which the majority of these banking leaders are saying that modernizing their identity strategy is a critical or strategic business priority. Something like 70% told us that. And in keeping with that, about 70% are also expecting to increase their technology spend to attack this problem over the next 12 to 18 months. So modernizing priority spendings on the rise, but starting from a place of relatively low confidence, and I think that underscores the difficulty you were just talking about, right? Many banks are really having trouble creating a future-proofed identity strategy, if you will. So what do you see as contributing to the challenges banks face, getting the right tools and solutions in place here?

Cindy White (14:16):
So when you think about future-proofing, you have to be really confident that what you're doing today is going to be relevant for what's tomorrow. And we all know that that is changing rapidly, so it's almost exhausting to keep up. So I think there's something in that exhaustion that is driving to the inconfidence. But when I think about a digital strategy, we really have to think as a first and foremost data. What is your data strategy? We heard a lot of that in the keynote, which was really refreshing, and we can jot that down. But what is your data strategy? What data are you collecting so that you can be more secure, be more personalized, that you can combine these convenience things together? What is your data strategy? And I like to think of data as layers. You don't have to have it all in one place or from one provider or one set of regulation.

(15:11):
Think about the layers that you can get. So if we were to think about origination and onboarding, you could use data from a document. You could use data from a biometric that you've captured, somebody's face, somebody's voice, and what are you doing with that data to help you feed the rest of the transactions at your bank? And then what is your strategy around identity? Are you educating your users, your consumers, that they need to go through a little bit of this in order to get to where they want to be? So what is your strategy on educating your consumers? And then the last piece about future proofing is what is your strategy about sharing data? And we are all in this room because we want to learn and we want to keep ahead of making sure that we are most digitally inclined, that we are offering the best customer services and we're protecting our consumers from the threats of fraud. And so we all have a common enemy, and that is fraud. So what are we doing to break down the silos? What is your bank strategy around sharing data so that we can break down silos and fight fraud together? And I think you're going to see this word consortium come up quite a bit because that is an opportunity for us with a data strategy, with an identity strategy to share our knowledge and to fight the common enemy.

Janet King (16:37):
And it's interesting, we actually asked about data consortiums in the research. We didn't have that data to share today, but what we found is that the majority of banking leaders think that there's a lot of value to be had with data consortiums, but only a minority are so far likely to actually engage or participate in one. So that's going to be an interesting thing to watch. Yeah,

Cindy White (16:57):
Absolutely. I like to think of it, the TSA, I dunno how many of you have TSA or how many of you have clear or how many don't have anything if you don't travel a lot? But it's really progressing and the more you know about somebody, the more the rights they have and the faster they go. So if you were to apply that in terms of your strategy, the more information you have around a user, the more information you have around fraud trends, the more you can treat people and the faster they can go through your systems. Yeah,

Janet King (17:28):
It's a good analogy. So the complexity here is certainly amplified by the omnichannel nature of banking, and we asked banks how effective they feel they are in verifying and authenticating a customer's identity by different channels. You can see the dark blue bar is highly effective, the moderately effective, slightly effective. The majority at least feel that they're slightly effective or more, but really it's the digital and in branch where they feel most effective and bigger banks are more confident in the effectiveness of their methods for verifying and authenticating a customer's identity. In digital channels, you can see that big difference here, 87%, 83% of the global banks, 87% of the regional banks compared to about two thirds of the smaller community and credit union banks. So why do you think that's important, Cindy?

Cindy White (18:21):
When I think about, well, for me, the lines on the graph are also really different around whether you're a community bank or whether you're a credit union or whether you're a global bank. But from a digital standpoint, digital is the future and that's where it's going to go. And so they think because we are asking for all of these credentials at the point of onboarding, that they can store them and use them through life. And so when you think about your identity strategy and you think about omnichannel, even the branch can be digital. Even the call center can be digital. So if your identity strategy and your data strategy are in touch with one another, you can get a full omnichannel experience. Of course, digital has to go faster and people expect it to be seamless, but in branches, they come across different areas of friction in that you're asking somebody for their credentials.

(19:26):
But do you have the right to question those credentials? So are you using your digital strategies in the branch or the core sense of you have all of this information, all of this data around the customer, you can make those experiences just go as fast, whether you're taking something of their MRZ or if it's a passport of the NFC code or whether you're taking information about where they live, their geolocation, and all of that is in your digital environment for the tailor so that you're taking the pain away from that inexperienced teller. You're saying, okay, this person is showing up really well. This is the tradition. They come into this branch, or this is a little bit of a concern. They haven't been in this geolocation before. Maybe we should do something else. And so those are some of the areas where I think Omni-channel is super important, but it all starts of course, digital because that's where we are going and that's where all the data is.

Janet King (20:17):
Yeah, I ran into that myself actually. I live in Maine and I bank with a small community bank in Maine, and we were out of state and we were trying to initiate a wire transfer. We didn't know we would have to do this before we left the state. And my expectation was I could just call the bank and I could make this happen online or whatever. And the reality is that I ran into roadblock after roadblock after roadblock. Well, you're not here. We need to see you in person. We need you to fill out some paperwork. And we were trying to avoid mailing a check because it was for an amount of money. We didn't want to put in a check because of check fraud. And long story short, we couldn't do it. And I was getting very frustrated. My husband had to remind me voice of reason in the marriage, they're just trying to protect your money. And I was like, yeah, that's right. They are just trying to protect my money. But I as most consumers wanted this instant. I wanted to get access to the money, I wanted to do it right then, and I didn't want to have to go through all those extra steps. So it's interesting that balance between security and friction,

Cindy White (21:09):
And you wanted that convenience because you were in that frame of mind. Had they had digital information around you on other levels or other layers of security, it might've gone just a little faster,

Janet King (21:20):
A little different. Yeah.

(21:23):
So I think that brings us to this point, I think which is really important, which is what are the methods that banks are using to verify and authenticate customer's identity? And how does that vary by different channels? And it's kind of interesting what we saw here is that overall banks are embracing a broader variety of methods and digital channels, which may be contributing to the confidence that they see there, right? That's that dark blue bar on this chart. And they're more often relying on a handful of methods for in branch and call center interactions. And those could conceivably be failing to provide the best and appropriately secure customer experiences. So if you look at this, ID document verification, pins, passwords, those are the two most widely used methods in branch. If you look at the call centers, it's still pins and passwords dominating the list. So the more modern technologies like those digital certificates and the digital ID verification, physical biometrics, behavioral biometrics, those show up frequently in the digital channels but not elsewhere. So I guess, what do you think about that, Cindy? And what should we take away from this?

Cindy White (22:35):
Well, I think first and foremost, this is a snapshot in time. And as a consumer, we are all used to pins and passwords. It's something that we've gotten used to, whether we like them or not. Most of us don't like pins and passwords because we regularly forget them. But we also getting used to our biometrics, but we are also a little scared of them because of deep fakes and because of our gen AI helping to clone our voice. So we as a consumer are a little nervous about, well, who can take my biometric and what can they do with it? But truthfully, if you use them in combination, if you use a face and a voice in combination, it can be a very powerful method. But then you've also got to layer it into all the other digital elements that you know about your consumer or your users so that you can use all of these different layers together.

(23:33):
I'm going to go back to that breadcrumb scenario. If I know that Cindy White typically uses her apps to do X, Y, and Z, when I fall out of sight of that algorithm or that cohort, there could be a score add in the biometrics. This is truly her and it's not an injection attack. This is truly a human trying to make this and this is her voice. In combination with that, I've got more security, more layers of security, but I think it's still really new. And then we protected in the written form, what are we going to do in the biometric form? How are we protecting that? I, and all of this is pretty new and we still trying to flesh it out. And so again, I go back to this concept of sharing data and as an ecosystem joining together where we can to help fight the common enemy using the technology that we know is now outdated and embracing the new so that we can bring it all together and fight fraud through a layered approach. So there's going to be many, many ways that come up to improve our identity. We might have to do something extraordinary with our biometric, but I still believe the biometric can be protected and it's pretty secure.

Janet King (24:54):
It's going to be interesting to see that cross-pollination start to happen more frequently, but it's obviously not easy to solve. And we know that banks face a number of challenges and efforts to do this. We've touched on quite a few of them already, but we asked directly, what are your biggest pain points specific to new account fraud or account takeover fraud within the verification authentication experience? And what we found is that providing customers with authentication options that feel comfortable and safe was the number one thing. So things that are recognizable, trusted, to your point about people not having a lot of experience with biometrics or maybe being a little bit nervous, removing or reducing friction from the customer experience was number two. That was a huge challenge. And then being able to separate legitimate customer interactions from potentially fraudulent ones, that was another issue. And then if you look at just rounding out the top five, and this was a much longer list, it was the ability to adapt your approach depending on the level of risk, and then maintaining compliance, which we talked about at the very beginning. So let's talk about that battle to remove friction from the customer experience. I mean, is it really about introducing the right amount of friction?

Cindy White (26:05):
I really do believe it is. We come to work every day and we focus on risk and we think about it. But how many of you feel like you have to educate somebody else on the risks of transacting online? How many of you feel like you have to educate your children or an older family member about don't click on that because that's a scam and we can recognize it, but the general population can't. And so we have this responsibility to educate that a certain level of friction is good. And we did a recent survey outside of this one, and consumers trust banks more than they trust anyone else, and that means that we have more responsibility to educate them. And you can do it in a really convenient way. You don't have to give them multiple steps, even biometric authentication. It doesn't have to be active.

(26:58):
Smile now to turn your face, it can be more passive. But while you're taking that passive capture, we use a face and voice together. We ask them to say a phrase, which is a secure phrase, right? Even that if you didn't want to go to that step in that moment where you capturing their face, tell them, we're doing this for your security. We're not going to store this. We're going to shout it. This is teach them around the what are you're doing is for their self-protection. So it's not your husband having to remind you in the point of frustration that you're being protected, but help educate them. So there is, first and foremost, it's a very imperative to have a good amount of friction. I think as consumers, we'll get used to it. And so we know now if it goes too fast, oh, something just happened. But the other element is don't just wait until you're interacting with them on your app to have that conversation with them. Make banking part of their responsibility too. And so

(28:00):
Educating about fraud, talking about fraud, showing us how to detect a deep fake or detect that bad link on an email, these are all things that we can do. And here I kind of lean into those banks that have communities, whether that's a digital community or you're a community bank or a credit union, you have many ways in which you talk to your consumer all the time, sophistication in your app, talking to them as a way to educate them that fraud is around all the time. And so I do believe there's a really strong combination, and this group of folks are set up to lead the way in educating against fraud.

Janet King (28:41):
Completely agree. Thank you for that. And I just want to mention that this research is just being released today. So if you scan this QR code with your phone, you can download a full version of this report on maximizing fraud prevention while minimizing customer inconvenience. Again, it's research done by American Banker in partnership with Mitek. I want to thank Cindy for being here and for Mitek for working with us, and thanks for spending some time with us today and enjoy the rest of the day.

Cindy White (29:11):
Thank you everyone.