Why do bank account scammers fear icebergs?

If you ask a sailor why icebergs can be so problematic to their voyages, they will most likely tell you it’s because what you see above the water is only a tenth of the size of the iceberg below. Indeed, even the phrase “tip of the iceberg” means only part of the problem is known – the unknown information is likely to pose even more of an issue.

Boats can get into trouble when navigating icebergs due to the fact that something giant beneath the surface can sink the ship. In a similar way, bank account scammers, the villains who try to take over accounts or open fake accounts for money laundering, do not expect to meet any icebergs of their own on their mischievous journeys. But that is exactly what is happening to them now.

The concept of user authentication is one of the fastest evolving set of technologies right now. For decades, financial institutions, like most industries, dreamt of replacing usernames and passwords with something more robust.

The reason it has taken so long to be fully integrated into this industry is because some alternatives had a negative impact on the user’s experience and were, rightly, deemed unacceptable. The idea with any form of authentication is to protect people, not discourage them from using the service. Regulators, therefore, played it safe and only enforced multi-factor authentication when biometrics were proven to not affect the user journey. The biometric revolution is now in full swing and for scammers using basic phishing and social engineering techniques this is seriously bothersome.

But the worse for these fraudsters is still to come. Multi-factor authentication is only the visible part of the ‘security iceberg’ and our industry is now in the phase of deploying the ‘below sea level’ part – the hidden technology that can cause them so much more damage. This is the data intelligence that continuously evaluates every situation and determines a risk score for each interaction, which in turn can trigger a decision as to whether further verification steps are needed.

Data intelligence is an inherently creative science. Data can be factual, historical, statistical or extrapolated based on observations. For example, know that when we add 2+2 it always equals 4. Likewise, the probability to roll the number “2” on a six-sided die is always 1 out of 6. However, data can not only speak, but it can also suggest. Experience, facts and knowledge can now be soft coded and fed with massive amounts of data. A good example of this is the flight height of swallows. By studying data, we now know that when they fly low, rain is likely to come. These conclusions are never certainties, but scores and likelihoods. Policy managers love scores, because they can set rules to scale up security based on risk level scores.

Our behaviours and life context are unique to each of us. As you go through your life you accumulate more data that contributes to this. Your birthday, the date you pass your driving test, the day you move to a new house – all this is data in the context of your life and no one has the exact same experience as you.

Behavioural biometrics is a rich and open field for innovation making scammers much less successful. While he or she may have successfully stolen information from the victim, the scammer does not have the same life, habits, places or behaviours as the owner. Thus, the fraud attempts become exponentially more difficult, which is the goal. What’s more, ever evolving algorithms and innovations in this field will continuously bring new data intelligence and new pertinent statistics, making it even harder for scammer.

It is crucial that this the part of the ‘iceberg’ remains below sea level, so to speak, and cannot be seen. In the financial sectors strong customer authentication use case, this means data collection and analysis must be performed with user privacy in mind and for the sole intent to assess and prevent fraud attempts.

The real challenge for our industry is to build the tools to unleash the security promises without turning them into invasive learning machines. The power gap between purpose and capabilities is the challenge of digital offers in the next decade.

Using behavioural biometrics to to prevent fraud in digital banking will be exponentially difficult when applied for the right purpose and the appropriate use cases. These ‘icebergs’ must only sink those who throw caution to the wind and sail into the perfect storm, making them a threat to both bank account scammers and sailors.

Licensed from

7 views0 comments

(713) 224-6604

©2020 by Woods LLP.