Notifications
Clear all
Topic starter
07/06/2026 8:22 pm
TL;DR: Banks are facing APP fraud, impersonation scams, and remote-access abuse that traditional MFA and rules-based monitoring miss because the customer is genuine but manipulated, according to OneSpan. Behavioral and device intelligence are becoming the control layer that reveals intent, session anomalies, and device compromise.
NHIMG editorial — based on content published by OneSpan: Beyond authentication, why device and behavioral intelligence are now non-negotiable for banks
By the numbers:
- Fraud detection and prevention spending by financial institutions is forecasted to surge by 85% by 2030, rising from $21 billion in 2025 to $39 billion in 2030.
- APP fraud is projected to result in global losses of US$331 billion by 2027.
- In the UK, 77% of APP fraud cases started online and 17% started through telecommunications networks.
Questions worth separating out
Q: How should banks detect APP fraud when the customer is the one authorizing the payment?
A: Banks should look beyond authentication and inspect the full session path.
Q: Why do MFA and transaction rules fail against impersonation scams?
A: MFA proves that the account holder authenticated, but it does not prove the payment reflected genuine intent.
Q: What signals indicate a banking session may be under remote control?
A: Look for interaction patterns that are too precise, too fast, or too programmatic for a human session, especially when paired with overlays, remote-access apps, unusual permissions, or screen-sharing behaviour.
Practitioner guidance
- Correlate session behaviour with payment approval Track typing cadence, navigation paths, pauses, and backtracking during transfer journeys, then compare them with historical user baselines before approving high-risk payments.
- Add device-state telemetry to fraud decisions Feed signals for overlays, remote-access tools, side-loaded apps, accessibility abuse, proxy use, and location mismatch into the same risk engine that evaluates the transaction.
- Treat external contact as a fraud signal Ingest recent inbound calls, messaging, or screen-sharing activity as part of the payment decision path when the customer is about to authorise a transfer.
What's in the full article
OneSpan's full article covers the operational detail this post intentionally leaves for the source:
- Session-by-session examples of how behavioural models distinguish coached customers from genuine users.
- Detailed breakdown of device-risk indicators such as overlays, accessibility abuse, and remote-access trojans.
- How the Fraud Risk Suite folds behavioural and device signals into live payment decisioning.
- Regulatory context around PSR and PSD3 expectations for behavioural and device intelligence.
👉 Read OneSpan's analysis of device and behavioral intelligence for banking fraud →
Device and behavioral intelligence for banks: are your controls keeping up?
Explore further
07/06/2026 10:13 pm
Authentication is no longer the decisive trust event in digital banking. APP fraud succeeds because the customer can satisfy MFA, log in on a familiar device, and still be acting under external control. That means the old trust model, which equates successful authentication with legitimate intent, has stopped being reliable for payment approval. Practitioners should treat authentication as entry control, not proof of payment legitimacy.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who is accountable when behavioral monitoring is used to stop fraudulent transfers?
A: Accountability typically sits across fraud, IAM, and digital banking governance because the control spans identity, device, and transaction approval. If a bank relies on behavioural intelligence, it must define who owns tuning, escalation, exception handling, and regulatory evidence so that missed fraud is not treated as an ambiguous control boundary.
👉 Read our full editorial: Device and behavioral intelligence are closing banking fraud gaps
