Protecting banking customers and Financial Services providers against fraud by stopping the theft of digital identities and personally identifiable information.
The financial services industry faces significant cyber and insider risks:
target for cyberattacks
of data security breaches are financially motivated
of data breaches originate
from weak usernames and passwords
target of hackers using phishing
to breach security
Customer Impacts of Fraud
Fraud involves tricking a victim into providing something such as personal details or money.
Increased digital connectivity has seen opportunities and mechanisms for perpetrating fraud proliferate. The internet is one of the principal tools for committing consumer fraud.
Recent research published by the Australian Institute of Criminology highlighted that victims of online fraud experience substantial financial and other harm, including emotional and psychological impacts, from their victimisation.
Financial Services Impact of Fraud
KPMG’s recent Global Banking Fraud Survey highlighted that fraud typologies have increased from 2015 to 2018 with the most common including identity theft and account takeover, cyber-attacks, card not present fraud and authorised push payments scams.
The survey highlighted that over a half of the respondents experienced a year-on-year increase in fraud value, more than 60% experienced an increase in fraud volume, and over half the respondents recovered less than a quarter of their fraud losses.
Identity Protection with Authenticate
Fraud Prevention with Haventec Authenticate
The Haventec Authenticate decentralised identity broker can be deployed to compliment an enterprises existing digital banking solution. Haventec Autenticate integrates with all of the major Identity and Access Management solutions through a standard Open ID Connect interface, eliminating the need for your enterprise to maintain a centralised store of sensitive user credentials.
The protections afforded by Haventec Autenticate do not require the enterprise to push additional complexity into the user experience. The Haventec Authenticate user experience replaces the username | password screen with a simple user secret screen – this secret is never stored or transmitted. This user secret can be as simple as a 4-digit pin or biometric hash. We also offer a password-free experience – one that eliminates operational risk as it does not require a central credentials store to be maintained, unlike other “password-free” offers in the market that substitute a password for another factor, but continue to store the passwords centrally.
Haventec Authenticate protects digital identities with our patented rolling key in-line multi-factor authentication experience – Digital Banking customers love the experience as it does not require them to carry and manage alternate apps, devices, dongles, tokens or remember long complex passwords.
Haventec Authenticate employs two primary data security methods to prevent credential theft:
Breaking data into multiple parts and distributing it across multiple locations – ensuring that when the enterprise is breached, the perpetrator will not be able to steal anything of value.
Single-use Encryption Keys
Changing encryption keys and re-encrypting credentials on every transaction – it is like getting a new user name and password every time you log-in, but only having to ever remember a simple secret, e.g. your four digit PIN.
Data Theft Protection with Sanctum
KYC Data Privacy with Haventec Sanctum
The Haventec Sanctum decentralised data vault platform offers a secure and simple way for digital banking customers to protect their personal information, while eliminating the need for the bank to maintain a centralised store of sensitive data, e.g. Know Your Customer (KYC) information.
Sanctum is easily deployed into an existing digital banking experience enabling customers greater control over the storage and use of their personal information – it also allows enterprises to extend granular consent control to their customers.
Our KYC Data Privacy solution provides banks with the ability to deliver data security outcomes that meet regulatory expectations including the General Data Protection Regulation, the California Consumer Privacy Act and CPS234.
Haventec Sanctum delivers on high security through our patented rolling key data encryption and
deconstruction methods providing the ultimate protection for when the banks network is breached, allowing the enterprise to protect their customers right to privacy.
Haventec Sanctum employs two data vault methods to prevent theft of data:
For consumers, one-time use data puzzles stored and controlled from their device (e.g. phone or browser) – this allows consumers access to sensitive data, when required, and provides them control and consent on how the data is used.
For enterrpises, one-time use crypto math puzzles that deconstruct and reconstruct data every time it is accessed – this allows enterprises to access sensitive data when required without ever having to store it in a form that can be stolen or misused.
Haventec’s platforms are designed to improve customer experience, reduce costs, reduce risks and support agility
Eliminate the Impact of a Mass Account Breach
Remove sensitive information from the network. Ensure complete records are never stored in one location. Change the keys for every interaction. With no central credential store to attack, the incentive is eliminated.
Improved Visibility and Control
Including: User and device registrations. Full device visibility and control. Enhanced device verification. Activity audit and reporting. Stream feeds into intelligence systems. Allows organisations to monitor application traffic in front of the VPNs.
Audit Data Access
Enhanced visibility and control of data use. Enhanced device verification. Secure data recall. Activity audit and reporting. Stream feeds into intelligence systems.
Empower User Controls
Secure data storage and data sharing experience. Granular consent controls over the management, tracking and sharing of their personal information. Also allows for revocation of consent.
Stop Common Attacks
Including: Phishing, Credential stuffing, Social engineering, Shoulder surfing, Password generators and Brute force password attacks.
Protect Critical Data at Rest
Decentralised organisation data vaults. Decentralised user data vaults on their device.
Ease Burden of Compliance
PCI-DSS compliant service. Helps enterprises meet their regulatory privacy obligations.
Improved Customer Log-in Experience
Options include PIN, Biometric and Password-free.
Get in touch
We’re ready to help you with any questions or enquiries you may have. Please contact us using the form on the right. Alternatively, jump straight into our Developer Documentation to get started.