Banks must solve aggregators to win the authentication battle
Authentication is at the heart of modern banking – as it should be. As companies transact more and more online, the ability for them to grant users quick, secure, and frictionless access to their accounts is necessary for a great user experience. This requires organizations to exercise suitable authentication measures to keep their customers and their business safe, without being so time-consuming as to alienate their customers.
Navigating the complexities of authentication is on everyone’s mind these days, given the tsunami of breached data out there. One of the oh-so-not-fun complexities for financial institutions, and one that we aren’t talking about these days, comes from the advent of aggregators: websites designed to collect and display related items of content.
Aggregator databases are not only invaluable but necessary for businesses to function online. Financial aggregators are used to compile data on various user accounts. These can include bank accounts, credit cards, and investment portfolios, which are then accessible in a single location. The aggregator services are meant to make digital transactions more convenient. But if an aggregator suffers a data breach, the consequences could be devastating for all concerned parties.
The amount of financial information stored in one place puts people at risk of comprehensive identity fraud. With identity fraud on a rampant uptick, how can anyone trust that the user authenticating is truly the expected user and not a member of a cybergang? This poses a significant issue. Not only is an aggregator’s sensitive customer data vulnerable to hacking, but the aggregator is also exposed to legal consequences following such a hack. Banks are responsible for their customers’ finances, so long as they are operating within the bank.
But what happens to the customer’s safety net when their capital is lost after a hack? If a customer has willingly given the aggregator their bank details in order to use what is essentially a competing service, are banks liable? This can cause tension, as was the case in the dispute between JPMorgan Chase and aggregator Mint, when JPMC blocked Mint’s access to its website in 2015, claiming it was creating undue strain during a peak period. So how can banks deal with aggregators and still come to terms with the massive amount of data they have access to that could potentially be lost?
As with most issues of authentication, the answer lies in a multi-layered approach. Passive biometrics, as one layer in a multi-layered approach, offers banks and aggregators a new and more collaborative approach to user validation, leveraging various forms of authentication so that when one fails, there are other factors to trust.
Passive biometrics and behavioral analytics rely on environmental factors and physical behavioral indicators to build up the digital profiles of users so that, in the event of an aggregator breach, bad actors can be spotted right away. There is certainly a need for an all-encompassing and long-term solution to data protection. Passive biometrics helps prevent the rampant account takeover and new account origination fraud that often follows a breach, all the while protecting financial institutions, aggregators, and consumers alike.