March 9, 2017 -
The New York State Department of Financial Services’ (NYDFS) new cybersecurity regulations for the financial services industry went into effect last week, which makes authentication solutions like behavioral biometrics easier for financial institutions to comply and protect themselves against cybercriminals, according to a recent blog post by Biocatch.
In late February, NYDFS issued a set of cybersecurity regulations that require New York banks, insurance companies and other financial institutions to create and maintain a cybersecurity program designed to protect consumers and the financial services industry at large.
Though the regulations include provisions related to compliance and reporting issues, many of which are already covered by other guidelines in a more general sense, they also contain requirements specific to multi-factor authentication and risk-based authentications.
The regulations define risk-based authentication as “any risk-based system of authentication that detects anomalies or changes in the normal use patterns of a person and requires additional verification of the person’s identity when such deviations or changes are detected”.
According to the regulations, financial institutions are given the flexibility to use “effective controls, which may include multi-factor authentication or risk-based authentication, to protect against unauthorized access to Nonpublic Information or Information Systems”.
The report explains that this provision allows financial institutions to assess for themselves the ‘friction versus fraud’ argument that can often play a role in deciding whether or not to deploy behavioral biometrics.
Frances Zelazny, vice president of marketing at Biocatch, makes a convincing argument for behavioral biometrics by explaining how the authentication solution can operate in the background without interrupting or affecting the overall user experience, while not relying on malware libraries.
In addition, behavioral biometrics is the only practical method to safeguard against account takeover and monitor a session after the initial log-on.
In other words, behavioral biometrics can “detect anomalies or changes in the normal use patterns of a Person” after the authentication, which is the stage where all fraud occurs.
Cybercriminals have discovered how to evade more traditional authentication methods, such as device ID, IP verification, SMS codes, tokens, and even physical biometrics.
Behavioral biometrics address this issue by providing a built-in solution for continuously monitoring the activity within a session.