May 17, 2019 by Greg Meckbach
Biometrics and two-factor authentication will become more popular tactics for mitigating cyber crime risk, a British Columbia credit union executive predicts.
“I feel like I do a lot of biometrics,” said Marilyn Mauritz, chief transformation and governance officer at Vancouver-based Central 1 Credit Union, during a panel discussion at the recent Payments Canada Summit in Toronto.
An audience member asked speakers at the panel – consumer protection in the age of faster payments – what they think is the future for two-factor authentication.
“I think it’s going to grow,” Mauritz replied. “In the last year, what I saw in the banking [and] credit union space – the number of brute (force) attacks, phishing attacks – we’re going to have to do more. We have to find more security features and I think [two-factor authentication] is one of the better ones.”
One method of two-factor authentication involves a confirmation message, Rocco Galletto, a Deloitte Canada partner and cyber security expert, told Canadian Underwriter earlier in a separate interview. The way that works is a customer logs into his or her account and then gets a message on a different device asking if it is really them. The intent is that if a fraudster succeeds in logging into your account, you get the message asking whether it’s you and the fraudster does not.
Another example of two-factor authentication is biometrics, which uses a person’s fingerprint, iris or other unique biological characteristic.
“It’s easy for me to authenticate today with my thumb print on my phone, but as I go into the commercial space, I need multiple levels of authorization,” Ian Holmes, a transactional fraud expert for software vendor SAS, said May 14 during the Payments Canada Summit.
Holmes was referring to situations where a company is paying a vendor and needs more than one person to approve the payment.
Payments Canada operates the clearing and settlement systems used by dozens of Canadian financial institutions to let clients make payments by cheque, debit card, direct deposit, pre-authorized debit and wire. Discussion topics at the summit included consumer demand for faster and easier payment methods, fintech and open banking.
Holmes asked co-panelist Jas Anand, senior manager for risk advisory at Deloitte Canada, whether Anand has observed financial institution clients looking at their risk management functions.
“Over the next few years, risk mitigation [will] definitely influence the ability for a financial institution in Canada to compete effectively” said Anand.
This is because a financial institution with a good fraud risk management program may be able to offer faster payments with higher values more quickly than its competitors, suggested Anand.
But allowing payments to settle faster – meaning recipients get their money sooner – gives financial institutions less time to figure out whether there could be fraud.
“With everyone getting to the same capabilities really fast and fighting for the customer’s wallet through efficiency and simplicity – having a good control framework actually enables a business to take those risks with greater confidence,” said Anand. “Having that strong risk foundation allows you to increase limits faster, offer products and services faster and clearer and settle payments faster.”
But the reverse is also true, said Anand – meaning financial institutions that are not as good at risk management as their competitors will find it more difficult to offer payment with the features their clients want.
“I think traditionally, people have looked at risk management as the people who say ‘No.’ I really see risk management now as an enabler of strategic differentiation.”