Citibank’s Friction Reduction Patent: One Giant Leap for Online Banking

New patent from Citibank reduces the inconvenience of logging in for online banking users – it’s a big step, but there’s more to be done, writes Avi Turgeman

While online banking allows consumers to transfer funds, make deposits, and request withdrawals without ever having to visit their bank, security remains a concern as financial scams are becoming increasingly common.

According to the Pew Research Center, 81% of people use online banking at least once a year, necessitating a high level of security as well as ease of use. While banks have worked hard to reduce account hacks and fraudulent activity, these measures have been implemented at the expense of ease of use. In fact, the biggest problem that customers actually face is user friction. Most banks try to keep customer accounts secure from breaches by requiring their customers to remember multiple passwords, answer numerous security questions, or provide one-time SMS verification codes. This makes the online banking experience more cumbersome and time-consuming for the on-the-go consumer.

Fortunately, some banks are beginning to take note. Last month, Citibank made headlines when it was granted a patent that enables binding a device to an online account to eliminate user login and authentication. As Citi’s patent states:

“There is a present need for methods and systems for accessing account information electronically that provide a high level of convenience for on-the-go customers of financial institutions, such as banks, who wish to learn quickly and easily how much money or credit they have in their accounts without repeatedly going through complicated sign-on processes, while at the same time providing a number of controls to ensure that the security of customers’ information is safely maintained.”

According to the patent, device binding can be done, “using a processor of a back-end server, a computing device with a customer’s profile via at least one attribute of the computing device and an encrypted token stored on the computing device.” 

Simply put, once implemented, Citibank customers will no longer be required to type their username and password when checking their balance and other information if using the same device, no matter where they are located.

However, while this patent is a step in the right direction, it is not a panacea. First, it only covers low risk activities such as checking the balance in a bank account and doesn’t allow for money transfers and similar high-risk actions. Second, it does not address situations involving login from new devices. And, finally, it doesn’t help to detect malware that takes advantage of the victim’s device to perpetrate fraud via remote access or automated scripts.
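A minimal server-side sketch of the device binding described above, written for this article as an added example and not taken from Citibank's patent or any bank's code. It assumes an HMAC-signed token as a stand-in for the patent's encrypted token; the key, the function names, the action names and the 30-day lifetime are all hypothetical.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"   # constructed; a real key belongs in an HSM/KMS
LOW_RISK_ACTIONS = {"view_balance"}    # assumed policy: balance checks only
TOKEN_TTL = 30 * 24 * 3600             # assumed 30-day binding lifetime

def _mac(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest().encode()

def _attr_hash(device_attr: str) -> str:
    return hashlib.sha256(device_attr.encode()).hexdigest()

def bind_device(customer_id, device_attr, now=None):
    """After a full login, issue a token tying this device to the profile."""
    now = time.time() if now is None else now
    claims = {"cid": customer_id, "dev": _attr_hash(device_attr), "exp": now + TOKEN_TTL}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _mac(payload).decode()

def authorize(token, device_attr, action, now=None):
    """Return the customer id if the request may skip login, else None."""
    now = time.time() if now is None else now
    if action not in LOW_RISK_ACTIONS:      # transfers always need full login
        return None
    try:
        b64, sig = token.split(".")
        payload = base64.urlsafe_b64decode(b64.encode())
    except ValueError:                      # malformed token
        return None
    if not hmac.compare_digest(sig.encode(), _mac(payload)):
        return None                         # forged or tampered token
    claims = json.loads(payload)
    if not hmac.compare_digest(claims["dev"], _attr_hash(device_attr)):
        return None                         # token copied to another device
    if claims["exp"] < now:
        return None                         # binding expired
    return claims["cid"]
```

A `None` result means the server falls back to the normal sign-on flow. Nothing in this check distinguishes the customer from malware driving the bound device, which is the third gap noted above.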

Fortunately, there’s more that can be done to improve the online banking experience, creating less friction for users while providing the highest level of security.

Cognitive biometrics complements device solutions like device fingerprinting and device binding as an additional layer of risk analysis and security – enabling banks to reduce friction while protecting their customers, and ensuring that protection is maintained on-the-go and with any device.

By transparently authenticating users in web, cloud and mobile apps, cognitive biometrics can verify that current session behavior matches an established user profile created from previous activity including actions such as how the user holds and touches a mobile device and interacts with an online site.

Since each user will have a distinct biometric signature, which cannot be duplicated by anyone else or by any automated process, fraud detection is more accurate and user friction is reduced.

While Citibank’s patent is a great stride forward for the banking industry, there is still more that can be done to ensure that online customers are better protected and more equipped for the on-the-go digital age.  

About the Author

Avi Turgeman is a founder of BioCatch, bringing over six years of experience in military intelligence as a researcher, inventor and R&D team leader. During his military service, Avi became well versed in white-hat hacking, system vulnerability management, network surveillance, data mining and electronic signatures. Prior to BioCatch, Avi worked in the electro-optic industry as a senior researcher.