VISION FX: The phishing-resistant future of banking security

Sarah Van De Vyver

Financial institutions, regardless of size or geography, are constantly balancing customer experience and increasing security to combat the rise of fraud.  

As a partner to more than 60% of the world’s largest banks for three decades, we set out to create one of the most secure solutions for modern digital banking experiences that protect against social engineering attacks.  

VISION FX is a first-of-its-kind transaction verification innovation that helps banks of all sizes future-proof security by combining the benefits of robust FIDO protocols and OneSpan’s patented Cronto® cryptogram technology.

We designed VISION FX as the most secure and user-friendly option available for banks and financial services organizations to meet some of their most crucial needs: creating efficient customer experiences and preventing fraud.  

The state of fraud and customer experience for today’s financial services organizations  

Fraud is an expensive issue for banks, lenders and other financial organizations. While global phishing attacks increased 5.5% year over year, 81% of reported fraud instances in Japan in 2023 were phishing attempts, with ¥3 billion stolen in the first six months of last year alone. The 2023 LexisNexis® True Cost of Fraud™ study found that every $1 lost to fraud costs financial services organizations in the US and Canada more than $4.  

Social engineering attacks — such as phishing credentials from an email and smishing data via text message — are not only on the rise but are also becoming more sophisticated. Countries in the EMEA region reported higher instances of social engineering attacks.  

Another common fraud tactic for digital financial services includes attackers intercepting and manipulating messages between these companies and their customers for some type of gain.  

Adversary-in-the-middle (AitM) fraud – also known as “man in the middle” (MitM) attacks – steals data and credentials from end users and can erode brand trust.  

Fraudulent transactions can not only result in financial loss, but also customer churn for banks. Those who experience fraud are more likely to leave their bank or end a relationship with a financial institution.  

Preventing every fraud attack and attempt is not feasible for even the most well-resourced IT teams. Knowing these attacks are so common, bank IT leaders should consider the right combination of tools and strategies that work to protect against attacks and aid in recovery to minimize losses and impact. Building layers of protection is important, but it cannot come at the expense of customer experience.  

Excellent and secure customer experience is table stakes  

In addition to facing an evolving threat landscape, financial services organizations are responding to changing consumer behavior. Customers expect easy, quick digital options in almost every aspect of their lives.  

Fraudsters know people are moving fast today and exploit their trust through social engineering attacks to gain unauthorized access to accounts and information. Financial transactions are vulnerable without strong customer and transaction authentication.  

Customer authentication and transaction signing in the banking industry have evolved over the last couple of decades, a trend that will continue into 2025 and beyond. Transaction authorization or signing is one layer of protection for transactions—whether in retail banking, commercial banking, or wealth management.

What is transaction signing or transaction authorization, and why is it important for banks?  

Transaction signing or authentication is a process that creates a unique signature over the details of a transaction, such as account numbers, transaction amounts, and dates, so that the integrity and authenticity of financial transactions can be verified.

An important part of this process is what you see is what you sign (WYSIWYS). Parties in the transaction see the details of a transaction, review it, then approve the transaction. Once signed, the details of the transaction cannot be altered, either purposefully or by accident.  

Cronto technology is a visual way to sign transactions that helps financial institutions counter “adversary in the browser” (AitB) attacks. AitB is a type of AitM attack in which a fraudster modifies transactions to steal data or money.  

By using authenticators like VISION FX, banks can help assure customers that transaction details are correct and communicated visually on-screen on a trusted, secure device.    

A phishing-resistant future with FIDO technology

Phishing resistance, especially in transaction authorization processes, is key for banks and other financial services institutions. Moving to passwordless banking solutions for your customers can help protect them and you from social engineering attacks.

While AitB attacks often utilize some form of phishing to get an end user to download a Trojan horse, it’s equally important to remember that customers can be exploited into revealing a one-time password (OTP) or other credentials that can lead to financial fraud.  

Passwordless authentication reduces vulnerability associated with static passwords by creating dynamic authentication codes that can only be used once. FIDO-enabled solutions for banks and banking transactions offer a streamlined user experience that is secure and fast.  

In addition to phishing resistance, financial organizations should consider how security solutions offer protection against AitM attacks with replay resistance. FIDO2 authenticators can not only offer replay resistance but also secure key storage that helps minimize disruptions and maintain security in the event of a server breach.  

Future-proof banking authentication with VISION FX  

OneSpan’s VISION FX authenticators combine FIDO and Cronto technologies to create an innovative solution designed to be compliant with regulations, such as PSD2 and PSD3.  


VISION FX covers six key security attributes to offer the most secure transaction experience for banks and their customers, protecting against today’s and tomorrow’s threats. Key features include two PSD2 requirements, dynamic linking and WYSIWYS.  

Dynamic linking with zero footprint is another way to prevent AitM attacks. It helps protect transaction details after authorization without the need for drivers or additional software to maximize both security and convenience.  
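As an added illustration of the transaction signing and dynamic linking ideas described above (this is not OneSpan, Cronto or FIDO code): a minimal Python sketch in which an HMAC over a single-use challenge and the transaction details stands in for the authenticator's signature. The shared key, field names, account values and the `Bank` and `device_sign` names are assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets

SIGNED_FIELDS = ("payee_account", "amount", "currency", "date")

def canonical(tx):
    """Deterministic bytes for the fields the authorization code is bound to."""
    return json.dumps({k: tx[k] for k in SIGNED_FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()

def device_sign(key, challenge, tx_shown):
    """Trusted device: the code covers exactly what was displayed and approved."""
    msg = challenge.encode() + b"|" + canonical(tx_shown)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Bank:
    def __init__(self, key):
        self.key = key
        self.pending = {}  # challenge -> transaction as the bank received it

    def start(self, tx_received):
        challenge = secrets.token_hex(16)
        self.pending[challenge] = dict(tx_received)
        return challenge

    def verify(self, challenge, code):
        tx = self.pending.pop(challenge, None)  # each challenge is single use
        if tx is None:
            return False
        expected = device_sign(self.key, challenge, tx)
        return hmac.compare_digest(expected, code)

def demo():
    key = secrets.token_bytes(32)  # constructed key shared by device and bank
    bank = Bank(key)
    # Constructed sample transaction; amount kept as a string to avoid float drift.
    intended = {"payee_account": "ACCT-0001", "amount": "250.00",
                "currency": "EUR", "date": "2025-01-15"}
    c1 = bank.start(intended)
    code1 = device_sign(key, c1, intended)
    honest = bank.verify(c1, code1)   # details match: accepted
    replay = bank.verify(c1, code1)   # same code presented again: rejected
    # The payee was rewritten before the request reached the bank, while the
    # user approved the intended details on the trusted device.
    altered_tx = dict(intended, payee_account="ACCT-9999")
    c2 = bank.start(altered_tx)
    altered = bank.verify(c2, device_sign(key, c2, intended))
    return honest, replay, altered
```

Because the code is computed over the payee and amount, a transaction altered in transit no longer matches what the user approved, and consuming the challenge on first use is what rejects the replayed code.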

A seamless and secure banking experience with VISION FX

OneSpan VISION FX combines the power of two innovative approaches to banking security – FIDO and Cronto – to mitigate fraud and secure high-value transactions without sacrificing user experience. Investing in this future-proof solution helps protect against the social engineering attacks we see today and against tomorrow’s fraud attempts.  


Sarah is Product Marketing Manager at OneSpan and responsible for OneSpan’s FIDO, hardware and server solutions. She has over 15 years of experience in ICT and Communications and held previous positions within OneSpan’s Corporate Communications department.