Why banks must work with customers to balance security and usability
One of the timeless questions in banking is how to achieve the right balance between security and ease of access for customers. Many of our clients (such as Allied Irish Banks and Nationwide) have told us that one of the reasons they purchase our digital banking Dashboards is to see how their peers tackle this very problem.
There are many frustrations that customers can experience with their digital banking, thanks to banks’ attempts to keep their money secure. While having your card cloned or account plundered causes a huge amount of upset, needing to remember eight passwords and carry two card readers around with you at all times is hardly ideal.
I’ve experienced card readers running out of battery, or simply breaking in two because they are too flimsy (as banks, quite reasonably, aim to come up with lightweight solutions that can be rolled out to millions of customers at once). Waiting for replacements and repairs (or simply wondering where you last put the card reader) is certainly a strong argument for biometric security solutions – fingerprint identification and face or voice recognition technology.
Of course, biometric security solutions present their own set of challenges. While they seem reasonably secure at the moment, fraudulent ways to get round them are undoubtedly going to appear. Indeed, while this form of authentication relies on something unique to you, it is essentially turned into yet another ‘code’ in order to be readable by a machine.
It may be harder for hackers to access and make use of, but biological data is very valuable – and you can’t change your fingerprint following someone hacking your smartphone.
And biometric solutions are unlikely to totally replace every other form of authentication. The toughest security comes from making use of the three different layers at our disposal – what you have, what you know, who you are (biometrics). Multi-step authentication is more secure when the various steps represent different types of authentication. That’s why you may log in with a thumbprint and then be asked for a passcode in order to set up, for example, a new payee. Multi-factor authentication is still preferred by 73% of Europeans in Visa’s recent Biometric Payments Study.
The Visa research states that fingerprint verification is the most popular form of biometric technology among consumers, with respondents perceiving it as more secure. From Mapa’s own Mobile Banking Apps Benchmarking tool, we’ve seen that consumers appear to appreciate apps that make use of native features of their devices, such as biometric authentication. We expect it to become more common, with more banks offering it as an option in the coming months.
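The thumbprint-then-passcode flow described above, as an added Python example (not taken from the article or from any bank's system): an authorization check that counts distinct factor categories rather than the number of steps. The method names, action names and per-action thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass

# Factor categories named in the article: what you know, what you have, who you are.
KNOWLEDGE, POSSESSION, INHERENCE = "know", "have", "are"

# Assumed mapping of authentication methods to categories (illustrative names).
METHOD_CATEGORY = {
    "password": KNOWLEDGE,
    "passcode": KNOWLEDGE,
    "card_reader_code": POSSESSION,
    "fingerprint": INHERENCE,
    "face": INHERENCE,
}

# Assumed per-action policy: how many distinct categories each action needs.
REQUIRED_CATEGORIES = {"view_balance": 1, "add_payee": 2}


@dataclass
class Decision:
    allowed: bool
    categories_seen: frozenset
    step_up_options: tuple  # methods that would add a category not yet seen


def authorize(action, completed_methods):
    """Decide whether the steps completed in this session satisfy the action.

    Steps are counted by category, so two knowledge steps are still one factor.
    Unknown actions or methods raise KeyError, so the check fails closed.
    """
    required = REQUIRED_CATEGORIES[action]
    seen = frozenset(METHOD_CATEGORY[m] for m in completed_methods)
    if len(seen) >= required:
        return Decision(True, seen, ())
    # Offer only methods from categories the customer has not yet proven.
    options = tuple(sorted(m for m, c in METHOD_CATEGORY.items() if c not in seen))
    return Decision(False, seen, options)
```

A password followed by a passcode is two steps but one category, so `authorize("add_payee", ["password", "passcode"])` is refused and the step-up options offered are the card reader or a biometric.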
Sharing DNA: a next step?
More than half of UK consumers between the ages of 23 and 50 said that the security of their finances and personal information is their top priority when selecting a financial institution, rather than factors that used to be the top priorities, such as interest rates and ease of accessing funds, according to a report by Telstra quoted in TechWeek Europe.
The study found that smartphones are the number one means of accessing banking services and managing finances in this age group, and a third said they would be willing to pay extra for more sophisticated security measures.
Twenty-five percent of those surveyed said they would consider providing DNA for security purposes, further emphasising the importance attached to security by British consumers.
Keeping accounts safe: layering and multi-contact
One way to help customers protect their money better without the intrusion of too many screens, or the inconvenience of a separate device like a card reader, may be via emails and texts. If someone is using the mobile banking application then you know that SMS and (most likely) emails will also reach them. These channels lend themselves to confirmation rather than, necessarily, validation.
For example, many banks are offering people the chance to report, via the mobile banking app, that they are going on holiday – and some banks will even helpfully remind you to set this up when you are at an airport, thanks to geolocation technology. But if your phone has been stolen along with your credit card, this is a little bit useless – and shows why emails and phone calls are still used as a verification method.
Indeed, a mobile phone number as a method of verification is not particularly secure – we’ve seen someone fall victim to this after having his O2 account hacked.
The challenge many banks face is how they can move away from being mere digital money stores to proactively helping customers manage their money. Indeed, as well as being a useful way to improve active customer loyalty, this should be seen as an obligation that banks need to take seriously. Security is part of this.
The key is to work with the customer on the security options that they most desire. While a customer with a lot of money in your vaults may want several layers of security to access or move their money – and not mind the inconvenience – a customer with an overdrawn current account is likely to be less concerned. However, a choice on security options should be provided.
While there are certain accounts where taking out money should not be made too easy (such as ISAs!), it’s important not to make security and authentication a pain point – this can be a great opportunity for enhancing the customer’s perception of your brand. Try to be proactive rather than reactive: the data you hold, along with smart technology, should allow you to make security a help and not a hindrance.
The perception of what is ‘good’ and ‘expected’ in terms of security changes all the time, differs across cultures, and depends on the assets you wish to protect. Banks need to be in a position to offer different security measures at different stages in the customer life cycle and work with customers to be as helpful as possible.