If there’s one unwelcome constant in payments, it’s fraud.
Lately, fraud has multiplied, and social engineering scams, among others, are outpacing traditional fraud prevention measures.
To battle fraudsters, financial institutions (FIs) need to take a proactive, holistic approach to security and scam protection in particular, Entersekt CEO Schalk Nolte told PYMNTS. That means using behavioral analytics and other risk signals to determine the context and effectively step up defenses where necessary to protect consumers and guarantee the best payment experience possible.
It’s not an easy task, given that eCommerce and banks are intertwined.
“The human remains the weakest point of attack, and it’s a scary world out there,” Nolte said.
In the post-COVID age, banks have come around to engaging more often with customers to boost security. Many FIs have two-factor authentication, push notifications or FIDO passkeys.
“They have all these things, but they are not integrated,” Nolte said. “Every single type of attack requires a different response and a different approach.”
Beyond MFA
Entersekt’s roots lie with multi-factor authentication (MFA), but only relying on push-based authentication has proven a limited defense in an age where hackers can intercept text messages or lure unwitting victims to push “send” and lose their money in a heartbeat, he said.
Scammers are adept at impersonating bank employees via phone and text to convince their targets that they need to make a payment now. Human nature being what it is, individuals might panic and bow to the pressure. Behavioral analytics, taken on their own, might verify a device being used in eCommerce but may give a false negative, letting a fraudulent transaction get through, or, on the other hand, may block a true account holder, causing frustration.
The bigger the bullet, the thicker the armor that is needed. The thicker armor is built by a layered approach to verifying transactions and individuals. Entersekt has been deploying behavioral analytics and context indicators to pick up on signals that can give indications as to whether a phone is being manipulated, Nolte said.
Geolocation offers another line of security. A user in Miami, for example, can’t possibly be initiating a transaction from Myanmar. The layered approach passes signals from one “type” of defense to another, informing an FI when it’s time to step up friction and get its customer involved to give final permission that the transaction should proceed, he said.
“You can’t use just one type of solution,” said Nolte, adding that “if you can use a platform that leverages all of these things together,” such as Entersekt, “and can integrate them, it’s very effective.”
“If we look across the board and say, ‘This is you, but the transaction is originating in a different channel from a different location. So, let’s not only do behavioral analytics, but let’s do proximity authentication,’ where we, as an example, ask the customer to see if they can scan the screen in front of them. And because the fraudster is sitting elsewhere in that situation, they won’t be able to scan the QR, and you defeat them.”
The effectiveness of Entersekt’s approach is reflected in the numbers. Nolte recounted how a large FI client in the United States, upon deployment of Entersekt’s platform, saw payment fraud drop by 99%, while logins were “98% frictionless.” In other cases, with smaller FIs, Zelle and account takeover fraud rates have dropped by 90% while allowing greater authorization rates.
“We want to ensure that FIs find it as easy as possible” to build layered fraud defenses, he said, and for individuals going about their daily financial lives, “you should do so without any fear for any transaction wherever you are.”
The post Entersekt CEO on Scams: ‘Bigger the Bullet, the Thicker the Armor’ appeared first on PYMNTS.com.