In a world of scammers attempting to separate people from their hard-earned money, the next step in security is to be able to automatically verify who you are talking to before you tell them anything.

By Tim Spring

As of 2022, Forbes reports that 78% of American adults prefer to do their banking digitally through an app or a website. It’s not hard to see why: it’s a quick and easy way to manage your money. Unfortunately, it also provides a new way for bad actors to try to gain access to accounts by pretending to be your bank, usually through text or email. This technique, sometimes known as bank spoofing, can be very convincing, with scammers able to edit the messages to look like they are coming from a legitimate source.

While most consumers will not respond to a message out of nowhere, a small percentage will respond by providing their personal information to sort out whatever problem they’ve been told is happening with their account. The result is devastating. 

Banks have numerous ways to verify their customers online, but customers have no way to verify their banks.

Currently, if a customer tries to access their bank account online, they will need to provide their account name and password, and hopefully either some sort of multifactor authentication tied to their phone or a set of security questions. This provides a degree of security and confidence that only the correct person gets access to the account.

But, if the direction of interaction is reversed, and a customer receives a communication from their bank, they have three options: 

  • Independently verify the message by logging in to their bank portal or showing up in person. (This requires additional time and energy, resulting in poor customer experience.)
  • Ignore it, assuming it is a scam. (It’s never good to have customers dismiss messages by default, particularly if the message is legitimate and urgent.)
  • Do what the message says. (Risk being scammed.)

So how do we tackle this problem?

The answer would seem to be: give banks a way to prove who they are to the customers. But our current systems simply aren’t set up for that. Would we give banks a username and password for them to use when getting in touch with a customer? That leaves the customer needing to remember two passwords, and what if the customer forgets that password? Then we’re back where we started with just having to trust the bank’s outreach. 

Decentralized identity offers a simpler and much more effective way for customers and banks to mutually authenticate each other before exchanging any information. It allows both parties to cryptographically verify that they are who they say they are and to do so automatically and before sharing any data.

This ability is impossible to spoof. By connecting customers and banks this way, you can not only eliminate the need for passwords and MFA, which can be lost, stolen, or otherwise compromised, but also let the customer verify that they are indeed interacting with the bank.

According to BioCatch, scams now account for 54% of cybercrime across the APAC region, with a 200% surge in voice scams from 2022 to 2023. There is an inherent lack of certainty in knowing who we are communicating with online, which is enabling these criminals. Fraud losses across banks amounted to $1.6 billion in 2022. Adopting these new systems will save financial institutions real money, improve your customers’ experience, confidence, and retention, and save time and energy combating fraud.

This communications channel can be used for so much more than verification. Once the connection is established, you can be confident in who is on the other end. That enables secure messaging in both directions (the bank can send the customer updates, and the customer can ask questions or send their own messages back), access to banking functionality such as payments or transfers through APIs, and much more.

This article is not us saying “oh, this would be nice…” or “in a perfect world…”

This technology is here. Now. And it is ready to be used. 

Indicio’s Holdr+ already has two-way messaging through DIDComm built in, and you can try it yourself for free on Google Play or the App Store.

If you would like to learn more about decentralized solutions for financial transactions you can read more here.

If you would like to experience a full decentralized solution for yourself you can sign up for our free trial of Proven Sandbox.

If you have questions for the Indicio team about a potential solution for your organization please get in touch here.