Fraud is a problem that many financial institutions and organizations. While having cyber security may help, some attacks can bypass these like New Account Fraud (NAF) and Account Takeover (ATO).
What makes it harder for companies is that the start of the attack may start at the customer’s digital journey. That is where multifactor authentication can help. Requiring authentication at every step may be the best solution to fight fraudulent transactions.
The Customer Journey
It starts with the creation, verification, and authentication of a new credit card account or Demand Deposit Account (DDA). These can be used to enroll financial accounts with online merchants, open digital or mobile wallets, purchase goods or services, or transfer funds.
Because of this, the fraudsters can attack at different points. Thus, the need for multifactor authentication.
Here are some points that fraudsters may target:
Account Opening and Onboarding – This refers to the opening of a demand deposit bank account remotely, including an associated debit or credit card. In this process, the customer accesses a website or downloads the mobile application of the financial institution to apply for a new account.
Payment Authentication – Another possible vulnerable point is the person-to-person (P2P) payment authentication that is done during the enrollment or when completing a transaction. It allows digital fund transfer between the accounts of individuals. Financial details of the recipient need not be revealed as the transaction is done using a mobile app, online banking, or an online digital solution.
Contactless Mobile and Digital Wallets – These store payment tokens that are associated with a debit or credit card and related PII data. These offer convenient payment channels.
Payment Service Providers or Propriety Merchant Wallet – These are similar to mobile and digital wallets. However, they cover enrollment and payment remotely using third-party mobile applications, online wallets, or merchant sites accepting third-party wallets.
To prevent fraud, the institution has to require multifactor authentication. Ask for certain identifying information before approving the opening of the account. These should include name, address, date of birth, ID number, documentary evidence of residence and nationality, fraud protection information like a mobile phone number.
Validation of identity is also a must. It can be through vendor identity verification, credit bureau, or point solutions like device verification, document verification, email address, mobile number, and biometric capture. You can support device biometrics, facial recognition, iris scan, or passcode in authenticating purchases. To add another security feature, you can ask clients to add information during enrollment that will enable them to receive an OTP for every access or transaction.