Balancing security and convenience to beat fraud

Access & Identity Management Handbook 2013 Access Control & Identity Management

How can financial services organisations enable valid users to complete transactions easily, and still stop fraudsters from criminal activity? That question has been taxing the minds of the brightest security specialists for the last 30 years, and with identity theft, data breaches and fraud at an all-time high, the question has never been more relevant to financial institutions.

It has never been more difficult to answer either. Consumers interact with their banks anywhere in the world through many different and fragmented channels, ranging from the bank website, an ATM machine, and an in-store chip and PIN transaction, to online shopping, the phone, or – just occasionally – at a bank branch. Fraudsters are waiting to strike at any opportunity to misuse user credentials at any of these touch points, whether it is through malware, phishing, card skimming, or other evolving threats.

Financial institutions typically struggle to collate the risk across the various customer touchpoints. For example, if a fraudulent individual steals a credit card and attempts to take money out of an ATM machine, afterwards tries to buy a television using a store’s POS system, and then follows that up with an attempted online money transfer, many banks would treat each of these breaches as separate events because of the different systems and personnel that service each channel. This severely undermines their ability to detect misuse.

Ugan Naidoo
Ugan Naidoo

Convenience trumps security

The fact is that today’s consumers want the least possible degree of friction when it comes to online transactions. Time is of the essence and only a certain degree of inconvenience will be accepted – especially for lower risk activities. People understand and tolerate proportionate responses rather than a fixed amount of security under all circumstances.

For example, when banking online, customers will tolerate the process of using their hardware/software PKI token to make a payment to a new payee but will be less tolerant when making a repeat payment to the same payee or simply checking their bank balance.

Similarly, is it not more reasonable to be asked to verify your identity when buying an expensive piece of jewellery than it would be if simply buying groceries at the supermarket? Ideally, the process for low-risk transactions should be as instant and painless as paying in cash. And for the higher risk transactions, the bank should use proportionate security that is related to the risk. Customers understand this and actually enjoy the benefits of the protection.

To keep the valid users in and the fraudsters locked out, financial institutions need to strike a balance between convenience, cost, and security – simultaneously keeping customers satisfied and their money safe. That puts them in a dilemma: on the one hand they need to enable financial transaction services with the least degree of friction; on the other hand they must verify that it is the right person before allowing any access – typically authenticating the user via a password and another credential.

Layered fraud detection and risk-based authentication

To effectively separate the ‘goodies’ from the ‘baddies’, financial institutions need a layered fraud detection strategy that combines risk-based authentication with a number of different methods of authentication to ensure that the security is proportionate to the risk of what the user is doing. This sophisticated risk analysis can include many items such as the user location, the device they are using online, the value of the transaction, or the type of goods they are purchasing. Typically, only a small number of transactions are considered risky and the ideal solution would identify these activities and then increase the security level required, in the most convenient manner possible. Such a solution would help prevent fraud in real-time on consumer online services without inconveniencing legitimate users in the vast majority of their activities.

An advanced authentication solution creates an adaptive risk analysis process to assess the fraud potential of every online login and transaction. The technology provides a variety of two-factor and risk-based authentication methods – all geared to frictionless, multichannel authentication. For example, financial institutions can examine a wide range of data collected automatically about each login or transaction. A risk score can be calculated to help determine what action to take on a given transaction. Tolerance thresholds can be set to adjust the impact on legitimate users. And there is the flexibility to determine the response to that score based on policies and risk tolerance. This approach transforms authentication and fraud prevention – while optimising convenience. Imagine, for example, a customer is visiting London for the Olympics. At the hotel, they use their credit card with a chip and pin machine so that their card is authorised for purchases during their stay. In their hotel room, they make an online banking payment using their laptop. During the evening, another purchase is made via an iPad. Using multichannel advanced authentication, the customer’s bank has verified the chip-and-pin card transaction, acknowledged that the customer is in the UK, and monitors subsequent transactions through other channels, whilst considering this first authorised transaction at the hotel.

For more information contact CA Southern Africa, +27 (0)11 417 8645,  [email protected] www.caafrica.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The power of PKI and private sector innovation
Access Control & Identity Management News & Events Government and Parastatal (Industry)
At the recent ID4Africa 2025 Summit in Addis Ababa, the spotlight was firmly on building secure, inclusive, and scalable digital identity ecosystems for the African continent.

Read more...
Biometric security key for phishing-resistant MFA
Products & Solutions Access Control & Identity Management
New FIDO-compliant USB, Bluetooth, and NFC BioKeys with biometric login and centralised management for phishing-resistant, passwordless multifactor authentication (MFA) for enterprise users.

Read more...
Gallagher Security releases OneLink
Gallagher Animal Management Products & Solutions Access Control & Identity Management
Gallagher Security has announced OneLink, a cloud-based solution that makes it faster, easier and more cost-effective to deploy security anywhere in the world, transforming how security can be delivered to remote sites and distributed infrastructure.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
The future of security: intelligent automation
Access Control & Identity Management AI & Data Analytics IoT & Automation
As the security landscape evolves, businesses are no longer looking for stand-alone solutions, they want connected, intelligent systems that automate, streamline, and protect.

Read more...
Smart automation is changing security
SA Technologies IntelliGuard Access Control & Identity Management
Security has come a long way from manual check-ins, logbooks, and standalone surveillance cameras. With the rise of intelligent automation, security is now faster, smarter, and more connected than ever.

Read more...
The future of security in South Africa
ATG Digital Access Control & Identity Management
Security technology is evolving rapidly, but is local innovation keeping pace? Some global players recognise the potential of South African products for international markets, but can our manufacturers and service providers thrive without external support?

Read more...
Integration enhances estate access control
Access Control & Identity Management
With one-third of residential burglaries starting at the front door, the continued seamless integration of Glovent’s estate management platform with Impro access control software is welcome news for estates.

Read more...
T&A in South Africa’s retail sector
ERS Biometrics Access Control & Identity Management
Using existing systems, ERSBio provides a practical and more cost-effective way for businesses to manage operations, reduce payroll mistakes, and enhance overall efficiency through innovative T&A processes.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.