In implementing risk-based authentication â often using a combination of device identification, IP geolocation, and challenge/response questions â banks seem to have been able to strike an appropriate balance between authentication âstrengthâ and customer convenience. Many banks report that new authentication techniques have reduced online fraud losses while driving increases in consumer Internet banking adoption and usage. This counters early concerns that stronger authentication technology would inconvenience consumers to the point of driving online banking usage down.
Moving forward, TowerGroup advises U.S. banks to continue augmenting current risk-based authentication technologies with additional device-identifying components, especially IP intelligence data. Further, banks should implement back-end fraud detection technologies that identify transactional and behavioral anomalies, and seek out ways to share fraud data pertaining to known fraud sources across the industry. Banks cannot simply meet the current FFIEC guidance and rest on their laurels; they must continue stay ahead of the curve.