Here’s how NuData helped one bank improve user experience without compromising security
Banking customers increasingly rely on digital offerings to handle their finances, with the number of online banking users rising 42% year-over-year in 2021. As mobile banking becomes more popular, a quality user experience will become an even bigger priority for financial institutions. After all, a frustrating login experience could be the reason a customer switches from one bank to the next.
But at the same time, this increase in online traffic can leave financial institutions vulnerable to security risks. In response to the 15% increase in attacks from H1 to H2 in 2021, some banks have added authentication steps to their login processes, such as requiring a one-time code along with a password. While these extra precautions may deter fraudsters, they also complicate the user experience for everyone, driving away good users who are annoyed by a prolonged login process.
Our latest case study takes a look at how we helped one bank reduce user friction without compromising security, all thanks to behavioral insights.
Effective security shouldn’t come at the cost of user experience
The large U.S. bank in question had $200 billion in assets it needed to keep safe. Recognizing the importance of account protection, the bank beefed up security at every step of the login process. But this one-size-fits-all approach added excessive friction to the user experience and ignored the fact that not every user attempting to log in posed a threat.
For trusted users, too many security precautions feel like overkill. Imagine you’re visiting a friend’s apartment. You’ve visited countless times before with no problems, but this time the doorman says you have to enter a code, fill out a form, and use a secret knock to enter. You understand these precautions are in place for security purposes, but that knowledge doesn’t prevent you from feeling annoyed at the inconvenience of the experience.
The dilemma for the bank was whether it could streamline its login process without weakening its security measures. The reality is there are many ways a fraudster can gain access to the bank’s $200 billion in assets. For example, bad actors could use personal records to create fake accounts, steal a victim’s loyalty-related assets, or plan a large-scale attack against the bank with an automated script.
To remain secure, the bank had to find a way to flag these potential threats while reducing friction for users who didn’t show any red flags.
So, how did the bank distinguish a trusted user from a bad actor?
Human beings are creatures of habit, whether they’re online or in person. When you visit your friend’s apartment, you likely drop by at similar times, walk with a similar gait, and dress in a similar way every time. When you are interacting online, you also have personal habits — for example, you may always enter your password at the same speed or log in from the same device. Monitoring these habits is the key to determining whether a specific user is a threat.
But identifying a user’s habits can be tricky, especially when organizations must weigh countless factors to establish trust. People can display both the expected behaviors of good users and the suspicious behaviors of bad actors within the same login attempt, which made it difficult for the bank to discern risk levels on a case-by-case basis.
However, our behavioral biometrics platform offered a solution. The bank implemented NuData’s platform to monitor login attempts for more than six weeks. As a result, 91% of users benefited from reduced friction after passively establishing trust through their inherent behavior. Here are just a few behaviors our tool monitored to help the bank recognize trusted users and improve their user experience while flagging risky anomalies:
- Typing pattern: We monitored how users entered their information when logging in to assess their risk level. A trusted user will type in their information with roughly the same pauses and speed every time, while the typing patterns of a bad actor will be inconsistent. Unfortunately, fraudsters are aware of the suspicions that irregular typing patterns can raise. That’s why many bad actors use scripts that mimic the cadence of human typing to bypass standard bot-detection tools.
- Method of input: Beyond typing cadence, we flagged any deviations from expected login methods. For example, let’s say a user has typed out their password for every previous login attempt, but they suddenly copy and paste their password for the first time. That could be a sign that a fraudster is inputting stolen credentials from a list — but then again, it could also mean another member of the legitimate user’s household is sharing an account.
- New devices and locations: Our platform was also able to monitor where users attempted to log in from. If an attempt originated from a new device or a foreign location, it raised an alarm for the bank. However, since good users travel and change up their devices, not all of these attempts come from bad actors, which further complicates how companies should respond.
Our platform’s algorithm strengthened the bank’s security over time by developing profiles for online users. Every time the platform interacted with a user, it learned more about their preferences and increased the accuracy of its threat detection. And even on a user’s first login attempt, additional security layers like device intelligence were able to prevent bad actors from sneaking through.
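To make the three signals above concrete, here is an added sketch (not NuData's algorithm or code) that compares a login attempt with a stored per-user profile and only adds friction when something deviates. The function names, the z-score test, the thresholds, the decision labels and all sample data are assumptions constructed for this illustration.

```python
from statistics import mean, stdev

# Constructed sample profile: inter-key intervals (ms) seen on past logins.
PROFILE = {
    "intervals_ms": [182, 175, 190, 168, 185, 179, 188, 172],
    "known_devices": {"dev-a1"},
    "usually_types_password": True,
}

def cadence_deviation(profile_intervals, attempt_intervals):
    """Z-score of the attempt's mean inter-key interval against the profile."""
    mu, sigma = mean(profile_intervals), stdev(profile_intervals)
    return abs(mean(attempt_intervals) - mu) / sigma

def assess_login(profile, attempt, z_limit=3.0):
    """Return (decision, signals); no single signal blocks a user outright."""
    signals = []
    intervals = attempt["intervals_ms"]
    # A pasted password yields no keystroke timings, so cadence is skipped.
    if len(intervals) >= 2:
        if cadence_deviation(profile["intervals_ms"], intervals) > z_limit:
            signals.append("cadence_anomaly")
    if attempt["pasted_password"] and profile["usually_types_password"]:
        signals.append("input_method_changed")
    if attempt["device_id"] not in profile["known_devices"]:
        signals.append("new_device")
    # Assumed policy: 0 signals = no extra step, 1 = one-time code, 2+ = review.
    if not signals:
        decision = "allow"
    elif len(signals) == 1:
        decision = "step_up"
    else:
        decision = "review"
    return decision, signals

# Constructed attempts: a habitual login, a first-time paste, a fast new device.
HABITUAL = {"intervals_ms": [180, 177, 186, 174], "pasted_password": False,
            "device_id": "dev-a1"}
PASTED = {"intervals_ms": [], "pasted_password": True, "device_id": "dev-a1"}
FAST_NEW = {"intervals_ms": [60, 62, 58, 61], "pasted_password": False,
            "device_id": "dev-zz"}

if __name__ == "__main__":
    for name, attempt in [("habitual", HABITUAL), ("pasted", PASTED),
                          ("fast_new", FAST_NEW)]:
        print(name, assess_login(PROFILE, attempt))
```

A single deviation, such as a household member pasting the password, leads to a one-time code rather than a block, which mirrors the ambiguity each bullet above describes.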
As you can see, it’s difficult to identify bad actors without disrupting the user experience, especially when no single behavior guarantees a good or bad user. Navigating this gray area is difficult, which is why the bank came to us to help them develop a seamless, secure login system. And we were happy to oblige.
Behavioral biometrics unlock new capabilities
Our behavioral biometrics technology helped this bank verify online users without the need for additional authentication measures. The full case study details how the combination of passive biometrics and other NuData security tools helped mitigate risk with 99% accuracy, while ensuring a good user experience for trusted users.
As fraudsters look for new ways to obtain sensitive customer data, financial institutions gain a key advantage by having greater visibility into the behaviors of both trusted and untrusted users.