The reality today is that we, as consumers, have more and more digital engagements requiring different security elements, hence simplicity is key.
Banking is one entity that we all see as fundamental and need access to.
Through this article, I will highlight what banks are doing to help customers to manage their finances safely, the direction that digital banking security will take in the future and how security fits into a wider context.
When it comes to keeping their customers’ money and personal data secure yet also easily accessible, banks have a number of key external stakeholders to consider who all, in different ways, put the pressure on.
In order to keep up, banks constantly need to evolve their planning, tactics and deployment strategies, as well as establish structures that allow for responsive solutions.
The last 12 months have seen a major shift for many banks as the number of mobile banking logins now exceeds internet logins.
Furthermore, banks highlight that the overall internet banking usage is decreasing, yet due to frequent mobile banking activity the total number of digital banking interactions is on the rise.
Considering this, it is no surprise to see that banks primarily invest in improving their mobile banking login experiences. Here are a few of the themes which we think are emerging as key trends.
Login options to suit customer preferences
We see that banks are continuing to add new login solutions which are designed to keep the fraudster out as well as meeting customer expectations for easier access to their accounts.
As part of this, the dominant approach seems to be optional levels of security. One bank recently updating its offering is first direct (UK).
In the past customers have logged in using username, answering a memorable question and providing partial digits of an electronic password.
Late last year, first direct announced to customers (see email below) that it is introducing a security token (as HSBC did back in 2011) to keep customers safe against fraud threats.
Note that customers can choose between different options:
- Stick to the current solution meaning limited access.
- A regular Secure Key security token.
- A digital Secure Key accessed through the mobile banking app.
This is just one of many examples where customers are being given the opportunity to choose and banks can keep existing solutions as well as using new ones.
Continuing with this theme, I want to highlight another example [my]bank of TSB Bank (NZ) which, with a customer base of a mere 160,000, has pushed the limits of personalisation in a number of areas, one of which being security.
The bank was launched in 2010 to attract Generation Y users. Customers can personalise the level of functionality available in the app based on their defined security preferences.
After login, users can customise a number of security settings, such as password and PIN, device recognition and if they would like to use two factor authentication or not.
Furthermore, customers use a slider bar to indicate their ease of access. The highest option allows users to launch the app in a ‘view only’ mode with a PIN required in order to make transactions.
There are still questions as to what extent customers utilise or even appreciate these features but it does show flexibility and choice appearing on the bank’s agenda.
Mobile banking: providing easier access to basic features
Looking back 24 months, the majority of mobile banking apps required customers to login using the same credentials as for internet banking – resulting in lengthy processes and a disjointed user experience.
Since then we have seen a clear trend towards banks introducing PIN code login solutions (often by linking the app to a specific device).
This has certainly sped up processes and we believe it is one of the key reasons why mobile banking usage has accelerated at such a pace. Highlighted below are three banks providing this solution, SNS Bank (NL), Discover (USA) and NAB (AUS).
Do note that with both Discover and NAB customers still have the options to use regular internet banking login details.
Lower payment limits and card related features
In terms of post-login experience, it is commonplace to require customers to go through a second level of authentication when carrying out certain tasks such as paying a new recipient or changing contact details.
However, yet again we see that development is being driven by the promise of easy on-the-go mobile banking solutions. For example, in the Netherlands and Belgium we have noticed a number of banks allowing customers to set preferred daily or weekly payment limits as part of the app registration.
By doing this, users can login using a PIN and then carry out transactions without the need for further authentication or card reader. This is one user-centric example which will certainly add value through convenience.
The general trend to allow customers to view their credit cards within mobile banking is on the rise. Furthermore, banks have understood that enabling users to block a card (debit or credit card) can be a win-win for both parties.
This is effectively both a cost-saver to the bank and an added feature to customers as they can block the card in just a few taps. Below are four different banks providing solutions to suit all.
Educating customers: how to create content that customers will act upon
Transactions can today be carried out faster than ever, hackers can quickly take advantage of this information or access to services. We see that more and more banks communicate with customers via text message or push notifications to confirm sensitive tasks and keep customers up-to-date on the latest developments.
The latter certainly brings customers closer to their finances and enables them to quickly take action.
In terms of educating customers, one approach is to provide security information via multiple channels, but how many customers actually read and take action from online safety procedures?
USAA recently introduced its ’My Security Advisor’ tool where users have to answer a few questions about their online habits and then using information based on the USAA tools the customer is signed up for, an actionable plan will be created in order to keep them protected.
- Switching to paperless statements.
- Setting up security and fraud alerts.
- Activating security software.
From My Security Advisor, users get an indication of their current level of risk and results are saved so customers can revisit the tool at any time.
We like this type of activity based approach and it can be an effective use of a forum to inform customers of new measures on an ongoing basis.
The future: Biometric solutions?
One of the trends pinpointed in Ericsson’s recently released ’10 hot consumer trends 2014’ report is ‘your body is the new password’. A survey tied to this report showed that 52% of smartphone users want to use their fingerprint instead of passwords.
Furthermore 74% believe that biometric smartphones will hit the mainstream market in 2014.
Are we there yet in banking? Not quite.
However, looking at recent developments, biometric solutions (primarily voice biometrics) are gaining ground and most importantly consumers are being exposed to them more and more, alluding to future success.
Here are a couple of examples to illustrate what is happening in this arena:
- Barclays (UK) Wealth and Investment Management is using voice biometric technology to verify the identity of customers as they converse with call centre agents over the telephone.
- Since its introduction, 84% of Barclays’ customers have enrolled in the system, with 95% of those customers successfully verified in successive calls.
- Customer feedback has improved since the technology was introduced five months ago, with 93% of customers rating the bank at 9 out of 10 for speed, ease of use and security.
- USAA have already implemented voice recognition within mobile banking (see below).
- Bridge Community Bank (USA) has introduced in-branch biometric security
- Customers submit fingerprint and facial biometric data as well as their name, address, date and country of birth and gender. Tascet uses this data to generate a 16-digit ‘financial security number’ which is linked to the customer account.
- To identify themselves in a branch and carry out transactions, customers then provide their name and fingerprint.
Looking outside banking, Apple has introduced a fingerprint sensor for iPhone 5. Furthermore, Apple CEO Tim Cook recently admitted that mobile payments was a business that ‘intrigued’ the company and that it influenced Apple’s thinking when developing the TouchID fingerprint scanner.
This will be an interesting space to watch for future developments.
One of the key concerns with biometric solutions is how to safely collect and store biometric data according to different jurisdictions already in place.
Another would be the risky strategy of relying on only one technology to provide secure login, which could result in being easy to exploit.
- Consumers take security as a ‘given’ when managing their day-to-day finances, whether on a mobile on-the-go or on a desktop or tablet at home. This is an ongoing challenge for banks and the initiatives outlined above show that the security space is constantly evolving.
- We predict more collaboration between banks and related financial institutions in order to stay abreast of developments and in turn counteract the continually agile hackers who communicate through online channels to exploit weaknesses in banks’ infrastructures and systems.
- The number of login options are increasing providing customers with more freedom of choice, yet over time we believe the digital channels will merge and as a result, the number of solutions will decrease.