There’s no doubt that financial organisations in the UK take the threat of financial crime and fraud seriously. The recent True Cost of Compliance report from Oxford Economics and LexisNexis Risk Solutions shows the cost of financial crime compliance for an average UK firm stands at over £194 million per year.

Financial organisations have invested huge amounts in technology, software, and training over recent years to counter criminal attacks. Fraudsters and scammers, however, are relentless in their determination to circumvent these sophisticated security processes, and their most recent approach is to weaponize banking customers.

The weaponization of true customers

Effective customer due diligence is often built on a chain of robust checks, knowledge, and understanding. Multi-factor authentication at onboarding and login – relying on layers of knowledge and intelligence drawn from the user themselves, their device, and their patterns of online behaviour – can be extremely effective at keeping criminals out. Realising this, criminals use genuine customers to gain entry. 

Multifaceted fraud attacks

Once in, a fraudster in full control of their victim can instruct them to send money wherever they please – effectively making them complicit in the fraud. Known as automated push payment (APP) fraud, it’s a massive issue for UK banks, costing victims over £600m in the first half of 2022 alone.

Alongside APP scams, application fraud and Account Takeovers (ATO) are two other types of attacks that prey on genuine customers.

Application fraud is a broad term, but the fundamental approach is that a fraudster opens an account with an organisation using identification attributes that are either fake, stolen, or both. The primary objective is usually to abscond with funds or to receive transfers of stolen money to the account. In both instances, the owner of the stolen information is unwittingly weaponized and only suffers the consequences later when the bank pursues them for unpaid debt, fees, or fines. 

ATO fraud sees a fraudster take control of a genuine customer’s account, without the true holder’s knowledge or consent. Personal information, login details, and passwords can be obtained via the dark web or a combination of social media skimming and phishing or smishing attacks, or through manipulation. Once access is gained, the fraudster has free rein to empty accounts, apply for credit, or make high-value purchases, without the victim’s knowledge. 

Consumer expectations for online and mobile services to be quick, convenient, and seamless only add to the challenge for financial services providers in addressing these criminal attacks. This is where behavioural biometrics signals come into their own, as part of a multi-layered fraud solution.

Distinguishing between patterns in human behaviour

Behavioural biometrics offers firms the ability to measure and uniquely distinguish patterns in how people behave. To be clear, these insights are quite distinct from physical biometrics, such as facial and fingerprint recognition. 

Pure behavioural biometrics technology concentrates on the individual traits and habits that make us human: the speed and cadence of our typing, how much pressure we exert on the screen, the typical tilt of our device, and which hand it’s held in. Known colloquially as ‘type and swipe’ signals, these are things every device detects when in use. The unique advantage of leveraging this intelligence is that it can’t be mimicked or stolen by a fraudster.

Sophisticated machine learning analyses a customer’s behaviour to form an expectation of how they act. This intelligence helps build a unique profile of the customer that can be used to authenticate them at subsequent logins, protecting both them and the organisation from fraud attacks. The benefit is clear, both in improving the experience for genuine customers and in preventing APP scams: a victim being manipulated by a scammer is likely to display altered behaviours during a transaction. They may type erratically or make errors due to stress, pause as account information is dictated to them, or switch between typing and holding their phone to their ear. Behavioural biometric analysis can flag these anomalies and alert the bank to consider imposing additional layers of security, or pause the transaction altogether.
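To make the profile-then-compare idea above concrete, here is an added example (not code from the report or from any vendor product) that stands in for the machine learning with simple robust statistics over typing cadence only. The feature names, thresholds, three-way decision and all session data are assumptions constructed for illustration.

```python
import statistics

PAUSE_MS = 2000   # assumed: a gap this long counts as a pause
THRESHOLD = 3.5   # assumed robust z-score cut-off
FLOOR = {"median_gap": 5.0, "long_pauses": 0.05, "corrections": 0.05}  # assumed minimum spread

def make_session(gaps, corrections=()):
    """Constructed sample input: turn inter-key gaps (ms) into (key, t_ms) events."""
    events, t = [("x", 0)], 0
    for i, gap in enumerate(gaps):
        t += gap
        events.append(("BKSP" if i in corrections else "x", t))
    return events

def features(events):
    """Reduce one session's key events to three cadence features."""
    gaps = [b[1] - a[1] for a, b in zip(events, events[1:])]
    return {
        "median_gap": statistics.median(gaps),
        "long_pauses": sum(g >= PAUSE_MS for g in gaps) / len(gaps),
        "corrections": sum(k == "BKSP" for k, _ in events) / len(events),
    }

def build_profile(sessions):
    """Per-feature (median, scaled MAD) over the customer's earlier sessions."""
    rows = [features(s) for s in sessions]
    profile = {}
    for name in FLOOR:
        vals = [r[name] for r in rows]
        med = statistics.median(vals)
        mad = statistics.median(abs(v - med) for v in vals)
        profile[name] = (med, max(1.4826 * mad, FLOOR[name]))
    return profile

def deviations(profile, events):
    """Names of features that sit far outside the customer's own baseline."""
    now = features(events)
    return sorted(n for n, (med, spread) in profile.items()
                  if abs(now[n] - med) / spread > THRESHOLD)

def decide(profile, events):
    """0 deviations: allow; 1: step-up check; 2 or more: hold the payment."""
    return ("allow", "step_up", "hold")[min(len(deviations(profile, events)), 2)]

BASELINE = [make_session(g) for g in (
    [180, 170, 190, 175, 185, 180, 172, 188], [165, 175, 160, 170, 180, 168, 172, 166],
    [190, 200, 185, 195, 205, 192, 198, 188], [175, 185, 170, 180, 178, 182, 176, 184],
    [172, 168, 178, 174, 182, 170, 176, 180])]
PROFILE = build_profile(BASELINE)
USUAL = make_session([178, 182, 170, 186, 176, 180, 174, 184])
COACHED = make_session([400, 2600, 350, 3100, 500, 420, 2800, 380], corrections=(2, 5))
```

Scoring against the customer's own median and spread, rather than a population average, is what lets a naturally slow typist pass while the same person's dictated, stop-start session stands out.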

Of course, no single piece of intelligence – whether digital or physical – is a fool-proof fraud detection measure by itself. But, combined with myriad other layers of data and intelligence, behavioural biometrics forms a completely passive layer of user authentication, requiring no additional interaction or effort from the genuine customer.
