Innovations in digital banking security focus too much on mobile
Digital security can be defined as the protection of your digital identity: the tools you or an institution uses to protect your identity on the internet and prevent others from accessing your information. In a world where digital developments are moving incredibly quickly, security has become a much bigger issue than ever.
Yet, at the same time, customers want and expect quick and convenient access to their accounts. Customer-facing organisations – including banks and other financial companies – face an ongoing challenge to strike the right balance, providing strong protection while not making security measures so onerous that they prohibit customers from accessing their services. It’s a balance they’ve increasingly been getting right on mobile – but login security on desktops and laptops hasn’t seen the same level of innovation.
Mobile login innovations
Login is a high profile element of digital security – and one where customers are increasingly expecting more from their banks. When it comes to mobile, recent innovations have been keeping pace with consumer expectation. In 2014, Apple launched Touch ID with the iPhone 5s, and thereby popularised the concept of logging into your phone with simply a fingerprint. This launch revolutionised the way many customers gained access to their accounts via their mobile. More recently, biometrics have developed further, to include retinal scans, face recognition, voice prints or even typing patterns. These are all being used or developed as alternative ways for customers to log in to their accounts.
Less than 50% of iPhone users activate a passcode on the lock screen and Quora suggests that the reason for this could simply be that iPhone users access their phones perhaps a 100 times a day. It eventually becomes laborious having to type in a passcode each and every time – though it only takes a few seconds, consumers’ ‘on-demand’ expectations perceive every second as a barrier. By scanning your fingerprint, your security is not compromised and the level of convenience increases tenfold. Passcodes still act as a valid back-up to the use of the fingerprint, as the passcode is often asked for if the phone either does not immediately recognise your fingerprint or the phone restarts, but it arguably makes it more appealing for users to set up security in the first place.
In 2007, the average user supposedly had 25 accounts (be it banking or leisure) requiring a login. Since that figure was recorded, it is very likely that this figure has grown, especially now that most websites and companies require you to be signed up in order to fully benefit from their services.
It is likely that customers will often forget a number of these passwords and passcodes, a problem that can be largely resolved with the use of biometric authentication. In our audit of the most recent Mobile Banking Dashboard, Mapa discovered that out of the 55 providers we audit, only six did not offer Touch ID login within their Mobile apps. Furthermore, of those 55, only five hadn’t deployed any form of biometric authentication. From these figures, it is clear that biometrics is becoming a ‘must-have’ within mobile banking, with banks such as Atom Bank going as far as including face and voice recognition in their list of biometric authentication methods. Moreover, we can see that banks are prioritising the convenience of customers, but not compromising their security.
Desktop authentication has lacked attention
Although there has been an increase in biometric authentication for mobile banking login, the same cannot be said for desktop banking. In the last Mapa Desktop Banking Dashboard, Mapa discovered that 13 out of 25 providers (52%) relied on single factor authentication – typically just a username and password, with some banks also asking for memorable information.
Some banks, such as HSBC, First Direct and Barclays, utilise two-factor authentication (2FA) in the form of security keys – many of which require the customer to carry around a separate token or card reader that they must use to carry out more sensitive tasks, such as adding a new payee. While adding an additional layer of security, customer convenience inevitably takes a bashing. To be fair, all three of these banks also allow customers to use their mobile phone as a digital secure key – which at least means customers will usually have their 2FA device to hand. Yet it still seems that desktop banking login processes haven’t experienced the same revolution that’s been taking place for mobile apps.
To a certain extent, this is understandable. Unlike mobile phones, computers are often used by multiple members of a household; and most computers don’t have fingerprint built into their DNA in the way that Android and Apple phones now do. So there are challenges to overcome.
Yet surely, with the development of biometric alternatives to fingerprint technology, the problem can’t be insurmountable. According to Quora and Zugara research, 78% of laptops, today, have cameras. And, late last year, Lenovo got together with a trio of technology companies to bring fingerprint authentication based on FIDO (Fast IDentity Online) standards to its laptops. Finally, many laptops have microphones. Altogether, this means that fingerprint recognition, facial recognition and voice recognition should all theoretically be possible for customers to use when logging into desktop banking.
And not every banking customer will be a fan of mobile banking – as Mapa discovered in a recent focus group. Its participants – all older consumers – loved online banking, but largely rejected mobile banking. With the closing down of branches, it is likely that consumers will be using digital banking more than ever. And in a recent study, those over 70 – the age range often most worried about when the topic of technology is discussed – were shown to be largely in favour of fingerprint biometrics and facial recognition. Michael Thelander of Iovation, a company which provides device-based solutions for fraud prevention and authentication for online businesses, states that, ‘it is clear that online banking customers across generations remain extremely frustrated with passwords and if provided with more modern authentication alternatives like biometrics or facial recognition, they will eagerly embrace them.’
In conclusion, whilst mobile banking has come on leaps and bounds in terms of biometric authentication and digital security, desktop banking has been left behind. It is fantastic that banks (both challengers and incumbents) and building societies have highlighted the importance of convenient interfaces for mobile. Yet failing to investigate equally user-friendly solutions for online banking on laptops or desktops risks making an important customer group feel like their needs aren’t being considered.