Multi-Factor Authentication (MFA) in the banking industry

Based on recent Accenture research, the cost of cyberattacks in the banking industry reaches 15,4 million euros annually per company, showing a massive increase. 

Cybercrime and fraud do not only affect losses in terms of money but also in terms of user trust. The banking industry is facing a radical transformation in its business model, as the evolution of cybercrime results in mounting regulations regarding fraud, and changes in customer demand, with consumers seeking round-the-clock personalized service, accelerated the development of disruptive technologies. Banking institutions are in the middle of a chaos blast in which they have to ensure security for their transactions and their user and customer connections against online banking fraud.

The MFA elements

The 3 basic elements of an MFA are something the user knows (i.e., a password or PIN), something the user has (i.e., a mobile device), and something the user is (i.e., like a fingerprint, or voice). Multi-factor authentication relies on the principle that a second or third authentication element will compensate for the weakness of the other element and vice-versa.

How MFA works

MFA works by requiring additional verification information (factors). One of the most common MFA factors that users encounter is the one-time password (OTP). OTPs are those 4-8 digit codes that you often receive via email, SMS, or some sort of mobile app. With OTPs a new code is generated periodically or each time an authentication request is submitted. The code is generated based upon a seed value that is assigned to the user when they first register and some other factor which could simply be a counter that is incremented or a time value.

The MFA challenges

Acceleration of digital transformation

Due to the current Covid-19 pandemic crisis, most industries accelerated their digital transformation. Banking is one of these industries. Internet banking was already growing fast before the current crisis. The impact of Covid-19 has now reinforced this trend which is likely to continue once the crisis passes. Cost is a major factor for banks, but customers also increasingly want online banking.

Channel Unfamiliarity

As technology evolves at a crazed pace, new verification and authentication tools continuously emerge. In-house banking executives and IT departments cannot keep up with discovering and assessing the right channels and the proper tools that a bank can use to keep all its systems current with the latest security applications.

Complex Workflow Development

Insider attacks are often and usually affect larger amounts of data and money across a far broader section of held bank accounts. Bank employees need to keep their workflow moving but many times, they must log into multiple systems at once to carry out their duties, and conventional internal MFA technologies delay their job. So, many times the executives disable the internal MFA process to expedite their business workflow.

Poor User Experience

Most available traditional MFA tools are complicated, not user-friendly, requiring a lot of training on behalf of the banking executives and the bank customers to learn how to use them and get acquainted with them. The difficulty in using these traditional MFA tools leads to many usage failures, with in-house executives and bank customers proceeding with more verification requests, a fact that leads to a deteriorating user experience.

Losses from Poor Authentication 

Many acknowledged surveys estimate that cybercrime will create losses of over 4.4 trillion euros in value in the banking services sector over the next 5 years. Banking institutions already spend an average of 16 million euros annually in their efforts to combat the problem. Most finance experts agree that the most critical breach mechanism in the finance sector is hacking, with 4 out of 5 hacking attempts involving the use of stolen credentials.

The importance of internet banking is obvious for several reasons. It offers a cost-efficient alternative to telephone and branch banking due to the relatively low capital and maintenance costs and its fully-automated processing of most transactions. Besides, it offers unparalleled customer convenience by enabling 24-hour access to a wide range of services.

It goes without saying that internet banking security is an absolute necessity, especially due to the increase in cyber attacks in volume and complexity. Securing data in the banking industry across multi-channel environments is not an easy task. Fraud including identity theft is on the rise. Protection of customers in the highly sensitive banking services sector is vitally important to build trust and loyalty. With access to account information available across many channels, having a service that has reliable fallback options is critical.

Intelligent authentication tools like Routee’s MFA are properly designed to help banking and financial institutions secure online transactions. Routee’s MFA provides a layered security approach to form a groundbreaking secure user identity. This security approach acts as a foundation to protect digital channels and improve customer’s trust, protect sensitive financial and transactional data, secure all applications, devices, and endpoints across employees and customers. Besides, with Routee’s MFA a banking institution can build a frictionless user experience with convenient access to data anywhere and anytime, deploy the right mix of authenticators, detect threats and fraud in real-time, and implement customized solutions to fit unique banking needs.