Banks have a lot more to lose than money if a security measure fails. These financial institutions strive to create a relationship built on trust with their customers, and it’s not one easily broken. Consumers think about changing banks as they do about moving: it’s a big hassle that no one wants to deal with. But will do it without hesitation if they feel their bank has violated trust.
Customers demand fast and innovative mobile experiences that are still secure. That goes double for online banking. To preserve the security of a consumer authentication and interaction, while meeting and exceeding customer demand for responsive mobile experiences, FIs are looking to passive biometrics and behavioral analytics to satisfy both needs.
Consumer preference is driving the demand for change. Mobile usage worldwide is rapidly outpacing desktop logins at financial websites. Mobile banking customers are more engaged, logging on an average of 14-15 times per month versus four to five times for traditional online banking customers using desktop computers. Focusing on customer engagement in the mobile space can further cement brand loyalty, making your mobile app an indispensable resource your customers rely on and use every day. Failing to deliver the experience that consumers demand means losing customers to more agile competitors, as well as making new customer acquisition extremely difficult.
It is critical in this consumer-driven landscape to offer convenient and easy online access, but it comes with a price. As we deploy easier-to-use and more friendly online services, they become more attractive to online criminals, resulting in higher-risk transactions and less data to adjudicate between good and bad users. Compounding this risk is the fact that banking customers have a very low tolerance for incidents of fraud – but how they found out about it also has a huge impact. In a recent study on consumer behavior, if banks alert their customers to the fraud, only 2.5 percent of those customers would leave that bank; but if customers discovered fraud on their own, there was a four-fold increase in customer churn, with one in five customers defecting to another institution. Unlike a retailer that has a breach, if a customer’s account at a bank is compromised, they will not likely be won back over time. Banks spend years developing that deep well of trust, so why risk it? Breaking that trust comes at too high of a price.
Financial institutions don’t like risk any better than consumers do; in fact, they are extremely risk averse, and for good reason. Since 2010, incidences of card-related data breaches have increased over 340 percent. Theft of login and password data has increased over 300 percent in the same period. Consumers who have had their account information stolen are 10 times more likely to be the victim of financial fraud, with a subset of those consumers experiencing true identity theft – a crime with lifetime ramifications.
A balance must be struck between protecting against security threats and the consumer demand for convenience and functionality. The need for this balance is driving nearly 80 percent of financial institutions to invest in technology solutions that boost customer engagement and bolster security. Often these investments are diametrically opposed, either increasing the risk profile of an institution by making consumer access more convenient or increasing account security at the expense of consumer satisfaction and engagement. Solutions must be found that don’t compromise the ideal state – both easy to use and secure. Trust and safety!
Traditional methods of consumer identification use single points of static data to predict risk. It is glaringly apparent that we need to move beyond tradition to devise new solutions. We’ve relied too long on device identification, static data points and usernames and passwords to define legitimate access. Having all these elements match up in an account application, login or transaction does not mean that interaction is safe and, inversely, having anything fail to match up should not remove all faith that an interaction is valid. Attempts to add dynamic elements, like one-time passwords and SMS text messages, to the authentication equation have traditionally met with consumer confusion, backlash and rejection – or all out abandonment. It simply adds too much friction.
The reality of an increasingly mobile-first world suggests that we will continue to labor under the burden of authentication based on static information such as usernames, passwords and device IDs. But not to despair, by using a combined approach of passive biometrics and behavioral analytics atop existing authentication solutions, it is possible to strike that balance of frictionless customer experience and increased security.
And that’s not all; financial institutions that are able to confidently authenticate their customers can push out individualized offers and provide a streamlined user experience, which strengthens customer trust and engagement and increases bottom-line dollars. The layered authentication approach is a true win-win scenario.
About The Author: Robert Capps is the vice president of business development for NuData Security. He is responsible for developing and nurturing strategic alliances, partnerships and channels. Robert is a recognized technologist, thought leader and advisor with over twenty years of experience in the design, management and protection of complex information systems – leveraging people, process and technology to counter cyber risks. In his previous role at RedSeal as a senior director, Robert was responsible for technical, security and customer operations. Prior to RedSeal, Robert was senior manager, global trust and safety at StubHub. Robert can be reached online at Twitter (News - Alert) @rwcapps or via www.nudatasecurity.com.