Machine learning and big data: a new dimension in online banking security

Imagine a digital banking experience where we can identify ourselves with absolute certainty, simply by being ourselves. Or an online journey where the authentication process is tailored precisely to the risk posed by the transaction itself.

For consumers trapped in a seemingly endless cycle of usernames, passwords and additional security questions – not to mention blocks imposed on perfectly legitimate payments and transfers – it’s clearly an attractive proposition.

Banks too should find the vision compelling; digitalisation has transformed their marketplace. But, to date, a successful marriage between seamless customer experiences and robust cyber security has proven elusive as traditional risk assessment and authentication solutions have failed to keep pace with the sheer volume of online banking transactions and the scale and sophistication of hacking attacks.

>See also: Online banking and financial services: is the end-user protected?

Historically, additional security layers imposed in response to perceived threats have come at the expense of greater friction for the end user, or an increase in denied transactions.

Fortunately, in an environment created and defined by innovative technologies, the arrival of a new generation of solutions built around machine learning and big data finally promises a way out of this particular paradox.

By continuously analysing the vast array of data being generated by digital banking ecosystems, it has become possible to create a unique footprint for every single customer. Furthermore, effective deployment of machine learning and big data can support sophisticated real-time assessment of the risk inherent in every single online transaction.

For each online transaction, banks must pose an apparently simple question: are you a trusted customer or a cybercriminal? In business terms, this matters. Online shopping cart abandonment rates are currently averaging nearly 70% – a staggering figure. And every transaction unnecessarily blocked, or ditched by a frustrated customer, comes at a price. But at the same time, the commercial impact of any successful online fraud can be devastating, not just in terms of the direct cost, but also reputational damage and loss of trust.

>See also: Cyber crime and the banking sector

Fresh thinking is urgently needed. Above all else, banks must recogniSe that by harnessing the rich array of information now at their disposal, a huge leap forward in the convenience, effectiveness and cost-efficiency of authentication strategies is possible.

Combined with machine learning it can be used to identify and profile customers through a host of personal and device characteristics. Furthermore, this can all be done in real time, without any need for conscious input by the end user. Deviations and abnormalities that might indicate a risk can be highlighted and challenged with a far greater degree of speed, subtlety and precision.

The good news for banks is that solutions powered by big data and machine learning are now ready to deploy. Behavioural biometrics can be used to monitor a user’s keystroke dynamics, touchpad and mouse movements and analyse the behaviour of both users and devices in minute detail.

During an online transaction, these are compared with those recorded during previous interactions with the same user to help distinguish between normal and unusual shopping patterns; the volume, location, frequency and velocity of transactions are all tracked.

>See also: 1 in 4 banks struggle with online customer verification

Analysis of device characteristics is equally sophisticated, including the ability to detect the use of cloaking services to hide an IP address, for example. With all these tools combined it is possible to automatically spot a vast range of anomalous behaviour. Crucially, these capabilities extend far beyond traditional solutions, which are typically based on a relatively limited and inflexible set of fraud indicators.

In practice, the combination of machine learning and big data spells an end to a simple binary approach to risk assessment and implementation of additional security layers. In its place comes something as flexible and dynamic as the digital ecosystems themselves. Based on risk scoring that is determined by a spectrum rather than a simple yes/no response, solutions such as the Gemalto Assurance Hub (GAH) will consistently trigger the most appropriate authentication method, thereby helping to reduce friction in the consumer experience.

Consequently, end users are far less likely to face additional authentication requests where there is no real risk of fraud. Yet the detection of potential cybercrime is far more agile and effective. What’s more, banks enjoy the freedom to adapt their security procedures in line with the expectations of individual end users; whilst many customers will prefer authentication to be as transparent as possible, others will still appreciate the added reassurance provided by clearly visible procedures.

Given the digital domain is routinely characterised as anonymous and distant, there is a certain irony to the fact that it can now provide banks with all the data they need to create rich, multi-dimensional profiles of the customers engaged with it.

>See also: Securing the future of banking from the cyber threat

However, in utiliSing this resource, banks must pay utmost respect to end users’ right to privacy. High end encryption is essential throughout the process to ensure comprehensive protection of sensitive personal information against hacking attacks.

Equally, authentication should be treated as a critical element of the relationship-building process. When combined with the analytical capabilities of machine learning, the effective use of big data means that security and convenience need no longer be considered mutually exclusive.

Above all else, these new technologies provide an unprecedented opportunity for banks to address simultaneously the era of digitalisation and differing ages and expectations of individuals.

With authentication and risk assessment tailored to the unique demands of each end user and each online transaction, an invaluable new asset is finally within reach of banks: the power and potential to bring a truly personal dimension to their digital offer.


Sourced by Philippe Regniers, vice president Digital Banking Solutions at Gemalto


The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...