Use layered security to protect accounts from a breach

This content is provided by our sponsor; it is neither written by nor endorsed by ICBA.


Building a reputation as a trusted financial partner takes time and effort. By contrast, an otherwise spotless reputation can be lost after a single security incident.

The need to shore up defenses is nothing new. However, digital platforms have become a primary interaction channel, and fraudulent activity associated with them is rising. Cyber criminals deploy a range of tactics, often attacking one security gap while you are distracted with another.

And just as armor layers upon itself for increased safety, your bank can layer precautionary measures to safeguard against a wider range of account breach vulnerabilities. The following three precautions are useful defenses, made even more effective when they complement each other.

Prevent vulnerable passwords

Often, account breaches begin with something as simple as an unsophisticated or overused password. A password security check system protects user credentials at login by checking the password against a list of credentials exposed in breaches of other websites. If a breached password is discovered, the system notifies the user and requires a password update.

Institutions can further tailor password security checks, for example by changing the alert threshold, customizing default messaging to reflect their branding and providing password change deferment options. With these additional tools, educated staff can respond appropriately to concerned customers who have received alerts.
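The login-time check and its tuning options described above, sketched as an added example (not code from the sponsor or any product): it assumes a locally held breach corpus keyed by SHA-1 digest, and the names `Policy`, `Decision`, `check_password_at_login` and the sample entries are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

def _sha1(pw: str) -> str:
    # SHA-1 is used only as the lookup key into the breach corpus (assumed
    # format); it is not how the institution stores its own credentials.
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()

# Constructed sample corpus: digest -> number of times seen in breach data.
SAMPLE_BREACH_COUNTS = {
    _sha1("Summer2023!"): 4200,
    _sha1("bluebird-harbor-41"): 2,
}

@dataclass
class Policy:
    alert_threshold: int = 1  # minimum sightings that raise an alert
    max_deferrals: int = 2    # how often a user may postpone the change
    message: str = ("This password has appeared in a data breach. "
                    "Please choose a new one.")  # institution-branded text

@dataclass
class Decision:
    action: str      # "allow", "notify_deferrable" or "force_change"
    sightings: int
    message: str = ""

def check_password_at_login(password, deferrals_used, policy,
                            breach_counts=SAMPLE_BREACH_COUNTS):
    """Runs at login, the one moment the plaintext password is available."""
    sightings = breach_counts.get(_sha1(password), 0)
    # A threshold below 1 would flag passwords never seen in a breach.
    threshold = max(1, policy.alert_threshold)
    if sightings < threshold:
        return Decision("allow", sightings)
    if deferrals_used < policy.max_deferrals:
        # User is alerted but may continue and change the password later.
        return Decision("notify_deferrable", sightings, policy.message)
    # Deferrals exhausted: the session cannot proceed without an update.
    return Decision("force_change", sightings, policy.message)
```

The caller is expected to persist `deferrals_used` per account and to log each non-"allow" decision so staff can answer customers who ask about an alert.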

Verify the user

If a password is compromised, all is not lost. Out-of-band authentication protects against unauthorized access by requiring secondary channels for identity verification. Whether by SMS, app push or a phone call, this measure mitigates the risk of a breach. Even if an unauthorized user learns a victim’s password, it is unlikely that they also have biometric data or the victim’s cell phone, so their access is prevented.

Institutions should carefully consider when to apply out-of-band authentication. This measure can be applied at login, PIN change or ACH approval and access. Commonly targeted features like P2P, bill pay and external transfers can also benefit from additional authentication.

Pinpoint abnormal behavior

One of the most critical times to apply out-of-band authentication is when abnormal account behavior is detected. Fraud anomaly detection solutions that leverage machine learning notify your institution of atypical behavior. These tools review common transactions and send notifications when unusual activity occurs beyond a predetermined threshold.

Whether there is a surge in withdrawals, payments from new locations or anomalous transfers, fraud anomaly detection sends alerts to stop fraud in real time. In addition, triggering a second authentication requirement when a suspicious transaction occurs can further limit fraudulent activity. Institutions that wish to deploy fraud anomaly detection should enable real-time notifications and designate staff to review alerts regularly.

Providing protective layers

Altogether, implementing a layered security approach is the most effective way to mitigate fraud and cyber threats. And it positions your institution as a worthy steward and protector of your customers’ hard-earned funds.

For a more comprehensive overview of layered digital security tools, watch CSI’s webinar on layered digital security.
