Blog

Flexible layered security: Because not all transactions are created equal

Written by Q2 | 29 Oct, 2018

This week I’ll again focus on the multi-layered security approach. This approach helps keep your account holder experience safe while protecting against brand fraud. I will discuss how Q2 protects your brand with our multi-layered security approach by detecting anomalous transactions.

I recently was asked to speak at ePay’s Executive Payments Summit on transaction fraud. I asked the audience before I started my presentation, “Is fraud in the digital channel going up in 2019?” Every in the audience answered “yes.” Bad actors, an expanding threat surface, and better and more technology for hackers all lead to this conviction.

Meanwhile, the digital channel is moving fast. At the summit, we discussed the coming of Real Time Payments (RTP), and a better bill payment experience that will settle funds faster. We can’t stop the innovation train, but we can help detect the riskier types of transactions and require an additional layer of authorization.

So, what’s considered a risky action in your digital channel? The answer can be different for each financial institution. Depending on the demographic makeup of your customers, you may deem certain transactions as not high-risk activities. Then, you have to ask yourself, “How do I balance a great customer experience while reducing security and fraud risks?

The answer: You must design and apply a multi-layered security approach to reduce the risks. Within your digital channel you should have the ability to monitor user behavior and transaction characteristics to identify anomalous transactions and activity. If suspicious user behavior is detected, place dubious transactions on hold and require FI approval or require additional authentication.

You may want additional security features for different groups of customers. Your digital channel should allow for stronger authentication controls by groups with access to higher-risk transactions or entitlements. And you can improve the customer experience by having different levels of controls, such as transaction or approval limits by segmented customer groups. For instance, an executive may want a company’s small business groups to be able to initiate an outgoing external transfer up to $5,000 dollars but limit risk exposure for retail clients to only $1,000 dollars.

In another scenario, a small business initiating over $1M in ACH activity may require a positive pay solution that matches originated transactions with paid transactions. In 2018 alone, Q2’s positive pay solutions have detected and stopped over $70 million in fraud activity. These examples serve an important point: By having the flexibility in your security controls, you improve the overall customer experience but still manage the security and fraud risks.

This concludes my series of blogs about just a few of the ways that Q2 protects your brand and your assets with a multilayered approach to security, and by developing your applications with a security-first approach. I hope you’ve enjoyed reading my posts—and have learned a little something as well. 

Thank you and Happy Cyber Security Month.