One of the biggest challenges in mobile banking is maintaining tight security when banking access is now in the palm of every client’s hand. Not only is identity theft on the rise, but people who lose their phones put their own bank security at risk with auto-logins and on-device password managers. There are now dozens of ways for someone with nefarious goals to try and access a client’s mobile banking account, and it’s up to the banks to stop them.
A great innovation of modern data security is the fraudulent login alert. An alert is raised when the platform detects something fishy and refuses access until authentication can be sorted out. These defenses have saved thousands of people from fraudulent bank transactions at the hands of hackers, and your mobile banking app can provide a stronger defense by adopting more fraudulent login identification methods.
Here are the top seven ways a mobile banking app can identify fraudulent logins:
Distant Location Login
The easiest trigger is when a login occurs far away from where the client is usually found. A new device in a distant city, another country, or across the world almost certainly isn’t your customer. Clients will appreciate that foreign hackers were denied access and have a greater motivation to let the bank know of their travel plans if they do intend to bank from another location soon.
Multiple Failed Authentication Attempts
A very common sign of attempted hacking is multiple failed login attempts. While this could be someone who forgot their password, the more comprehensive the authentication is, the less likely that becomes, because a genuine client would simply click through to the password recovery options. If a familiar device tries to log in and fails several times, the device may just have been stolen. If a new device fails to log in several times, this may be an attempt to steal the client’s account.
New Device – Unusual Architecture
Mobile banking must work on a variety of devices for one client, because modern consumers often have a phone, tablet, laptop, and workstation that they bank through. However, your clients will tend to have a pattern or preference for devices. For example, one client may only use Android and Windows devices, so a new login from an Apple or Linux device would be especially fishy and worthy of an extra layer of authentication.
Login Attempt with Wrong OS Background Account
Interestingly, you can also use the popular universal login options as a way to red-flag attempts by someone who is not your client. Most people never log out of their Google or Facebook accounts, and mobile devices often have one inherent and always-connected account active to speed up app logins.
Have your app check who the browser/mobile OS background account is. If, suddenly, a new background account is trying to access a customer’s account, red-flag it and deny them access!
Failed Biometric Scan
Biometric scans are becoming more and more popular (and possible) with the recent advances in mobile devices. Now, fingerprint and retina scanning are a realistic way to verify the identity of a mobile banking customer. While not all devices have this capability (so it cannot be mandatory yet), consider integrating biometric scanning into the authentication process for any client when they use a compatible device.
This way, if an intruder tries to hack the account with a stolen advanced device or a high-end device of their own, the biometric scanning failure will alert you to a fraudulent login attempt.
Failed Persona Authentication
There is something new in the industry known as Personal Authentication. Backed by biometric technology and Big Data, Personal Authentication identifies the way a user holds their phone, tilts their head, and taps their screen. A change in these basic patterns can indicate that someone other than your usual client is trying to access their account.
Two Simultaneous Logins
And, of course, always watch out for two logins at the same time, especially if one is on a trusted device and one is not. Customers often log in simultaneously on their own trusted devices, but they are rarely logged into a trusted device and a borrowed computer at the same time, and never in two distant locations. So watch out for simultaneous logins, and for suspicious new devices or locations in conjunction with simultaneous logins.
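As an added example (not code from this article or from any banking product), the Python below checks one login against a client profile for four of the signals above: distant location, repeated failed attempts, a new device with an unfamiliar OS, and simultaneous logins. The thresholds, field names, flag names and the sample client are assumptions made for the illustration.

```python
import math
from dataclasses import dataclass, field

MAX_KM = 500      # assumed "distant" threshold, not a value from the article
MAX_FAILED = 3    # assumed failed-attempt threshold

@dataclass
class Profile:    # what the bank already knows about one client
    usual_location: tuple      # (lat, lon) where the client normally banks
    trusted_devices: set       # device ids seen on earlier good logins
    os_families: set           # e.g. {"android", "windows"}
    active_sessions: list = field(default_factory=list)  # [(device_id, (lat, lon))]

@dataclass
class Login:      # one incoming login attempt
    device_id: str
    os_family: str
    location: tuple
    failed_attempts: int = 0

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 6371 * 2 * math.asin(math.sqrt(h))

def fraud_flags(profile, login):
    """Return the set of signals this login trips (empty set: nothing suspicious)."""
    flags = set()
    new_device = login.device_id not in profile.trusted_devices
    if km_between(profile.usual_location, login.location) > MAX_KM:
        flags.add("distant_location")
    if login.failed_attempts >= MAX_FAILED:
        # A familiar device failing hints at theft; a new one at account takeover.
        kind = "new_device" if new_device else "trusted_device"
        flags.add("failed_attempts_" + kind)
    if new_device and login.os_family not in profile.os_families:
        flags.add("unfamiliar_os")
    others = [loc for dev, loc in profile.active_sessions if dev != login.device_id]
    if any(km_between(loc, login.location) > MAX_KM for loc in others):
        flags.add("simultaneous_distant_login")
    elif others and new_device:
        flags.add("simultaneous_untrusted_device")
    return flags

# Constructed sample client: banks near London on an Android phone and a Windows laptop.
CLIENT = Profile((51.5, -0.13), {"phone-1", "laptop-1"}, {"android", "windows"},
                 [("phone-1", (51.5, -0.13))])
```

A caller would typically allow a login with no flags, ask for an extra layer of authentication on one flag, and deny access and alert the client on several.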