How many of you are reading this on your smartphone or tablet? I suspect the majority of you are. We are a mobile technology generation and we use it to access a wider range of services remotely than ever before.
According to research conducted on behalf of Bank of America on an average day, nearly 40% of “millennials” (persons aged 18-34) interact with their smartphone more than anything or anyone else. Falling into that age bracket, I don’t know whether to be shocked by that or not!
Technology has always been an enabler; be that through e-wallet payments, ordering a taxi, placing a bet or setting up a direct debit. Within financial services there are verifiable metrics which support this.
Increased digital engagement is not without its challenges though – the easier you make something for everyone; that means everyone. We (the good guys!) are not the only ones turning to mobile technology for its benefits, unfortunately fraudsters are also increasingly targeting mobile devices as a key facilitator for fraud. What better way for a fraudster to attack than remotely and facelessly?
Whilst the Financial Action Fraud UK stats show from 2015 to 2016 internet banking reduced by 25% and telephone banking reduced by 9%, we know that incidents of mobile banking fraud and device enabled fraud have continued to cause significant losses. These stats show the shift in focus of fraudsters and highlight the need for robust device identification when it comes to addressing fraud concerns presented within digital engagement. Knowing your customer, in a digital world, realistically means knowing their devices.
One industry challenge, particularly for where organisations are interacting with brand new customers, is to understand what atypical is.
This is where access to a blend of syndicated, personal and non-personal data enables fraud prevention services come into their own. The view of historic behaviours, geolocation or profile discrepancies and velocity of data very quickly helps identify trust and pinpoint risk. How likely is it genuine that the same identity is applying with subtle changes to the overall application data for multiple products across different devices, time zones and in different languages in a short timeframe? Services deployed in isolation would only expose one side of the story and a holistic view paints the best picture.
It’s important to remember that devices are increasingly becoming the portal through which active accounts are managed and transactions are facilitated. It is important that appropriate monitoring is not only deployed within application processes but within other device driven interactions where is it appropriate to do so.
In parallel with the above metrics, it is worth calling out that the value of mobile technology (as an asset) has increased in line with its functional capabilities – this year saw the launch of the iPhone X, the first mobile phone with a retail value of £1,000. They are an investment on both a personal and corporate level, across mobile phones, tablets and PCs. Device intelligence is something that organisations should be taken just as seriously internally as within dealing with the general public.
The value to a criminal isn’t just in the asset though. We store an incredible amount of information and account credentials within devices – so customers who lose their phone, lose much more than just the ability to post to Instagram or update a Facebook status.
According to a report by Assurant, one of the largest mobile device insurers, a third of all British families suffered theft of a mobile device or tablet in the past three years, more than half failed to report it to the police. Recipero (part of Callcredit Information Group) stats show that mobile phone losses are three times higher than mobile phone thefts.
IMEI data is used across the law enforcement as a key data item in crime prevention for mobile devices, and therefore I can see value in making the most of this data (when available) to support authentication of users and understanding whether a device may be compromised. Indeed it plays into further value propositions to end-customers’ security concerns, that if the worst should happen and a device is stolen that an organisation could pro-actively (and remotely) disable activity for accounts which could be facilitated by that device.
It is sometimes easy to take for granted the ease with which we can now transact, but organisations must not get complacent in their delivery of services online. The digital channel, enabled by the ever increasing adoption of devices, by its very nature removes some historic controls – however I truly believe adaptive and appropriate device insights can be a highly cost effective way of mitigating risk and protecting genuine customers.
Author: Josh Gunnell