The pandemic changed our behaviour when it comes to digital banking, shopping online and making payments – but criminals have been equally fast to react. Banks in Hong Kong, for example, saw a 145% increase in phishing fraud in the first half of 2021, while in India, phishing attacks increased by 87% between 2020 and 2021.
Countries in Asia Pacific face different challenges in terms of fraud. Singapore, for example, has been plagued by various impersonation scams in recent months, while Thailand has seen a rise of synthetic identities and the Philippines has experienced a rise in volume of malicious botnet orders between 2019 and 2022.
Financial institutions and regulators in Asia and around the world are racing to keep one step ahead of increasingly innovative fraudsters. But the defences more frequently used by banks and other businesses – static passwords and One-Time-Passwords (OTPs) sent by email or SMS as a second form of authentication – are increasingly inadequate as the techniques of criminals grow more inventive.
Behavioural biometrics, as an advanced authentication method, is an enormously valuable and sophisticated defence in the fight against fraud. Biometrics techniques, such as facial recognition, are already used during the authentication process, but criminals have found ways of circumventing these security protocols, by stealing sign-in credentials, for example, or the use of fake photographic images, deepfakes videos or SIM swaps. These authentication methods also offer little protection in cases where a user has been deceived into thinking they are dealing with their own bank.
Behavioural biometrics offer a further layer of protection through the ability to recognise the “expected” interactions of a legitimate owner of the account with their devices or applications, such as the way they hold their phones, swipe or press keys. This confirms that the customer is who they say they are and also helps a business be able to recognise if the customer is acting under instruction or duress – if their normal behaviour, in other words, is being disrupted for any reason. It is also highly effective in recognising bot activity and the use of remote access tools by bad actors.
Following the acquisition of BehavioSec, we are able to offer clients even more sophisticated solutions that leverage behavioural analysis for more accurate identity authentication. LexisNexis® BehavioSec® uses advanced behavioural biometrics technology, that when combined with the digital identity intelligence capabilities of LexisNexis® ThreatMetrix®, can create risk scores and other insights to support confident risk decisions.
Behavioural biometrics adds a high level of security to identity authentication workflows, establishing trust in the relationship in a passive way, without adding any unnecessary friction to the customer experience. The adoption of behavioural biometrics is gathering pace as regulatory momentum around privacy protections continues growing. In February 2021, the Reserve Bank of India published new guidelines on digital payment security which requires banks to use multi-factor authentication for electronic payments, including at least one dynamic or non-replicable method such as behavioural biometrics. Banks should also be able to identify anomalous behaviour in users, it added.
Regulators in Asia Pacific are considering various measures to further strengthen fraud controls, including the use of behavioural biometrics and push authentication as more secured methods of authentication. It is likely that regulators will continue to encourage the use of behavioural biometrics in the authentication process but there is little reason for organisations to wait for a mandate for their use. Behavioural biometrics can be highly effective in combatting fraud and improving the customer experience, creating benefits for organisations and customers alike.
For more information about how BehavioSec® can support your business and improve risk management, contact us.
Transform human interactions into actionable intelligence.
Learn MoreEmail addresses and their risk should be a key part of your organisation’s identity management strategy. LexisNexis® Emailage® is a powerful email risk scoring solution.
Learn MoreEnable cybersecurity and risk management through data science innovation and shared intelligence.
Learn More