By Robert Capps, Vice President of Business Development, NuData Security
Cyber threats have become so widespread and well orchestrated that new security methods must be implemented if banks intend to fully protect the sensitive data entrusted to them. Yet there is hesitation. Banks are understandably risk-averse when it comes to trying new measures out, because they work hard to establish and maintain trust relationships with their customers and don’t want to do anything that would jeopardize that trust.
But times are changing, and so must banks. The growth of mobile account access has exploded in the past few years, with customers demanding fast and innovative mobile experiences that are still secure. So, to preserve the security of a consumer interaction while meeting customer demand for responsive mobile experiences, financial institutions are looking to passive biometrics and behavioral analytics to satisfy both needs.
Mobile logins are outpacing desktop logins at financial websites around the world. Mobile banking customers are more engaged, logging on an average of 14-15 times per month versus four to five times for traditional online banking customers using a desktop computer. Focusing on customer engagement in the mobile space can further cement brand loyalty, making your mobile app an indispensable resource your customers rely on and use every day. Failing to deliver experiences consumers demand means losing customers to more agile competitors, as well as making new customer acquisition extremely difficult.
It’s not cheap or quick to offer easy and convenient online access. As we deploy more user-friendly online services, they become more attractive to online criminals, resulting in higher-risk transactions and less data to adjudicate between good users and bad. Compounding this risk is the fact that banking customers have a very low tolerance for incidents of fraud, and how they find out about it also has a huge impact. A recent study on consumer behavior found that when banks alerted customers to fraud, only 2.5 percent of customers would leave that bank; when customers discovered fraud on their own, customer churn increased four-fold, with one in five customers defecting to another institution. Unlike a retailer that has a breach, if a customer’s accounts at a bank are compromised, they will not likely be won back over time. Banks spend years developing that deep well of trust, so why risk it? Breaking that trust comes at too high a price.
Financial institutions are extremely risk-averse, and they have good reason to be. Since 2010, incidents of card-related data breaches have increased over 340 percent. Theft of login and password data has increased over 300 percent in the same period. Consumers who have had their account information stolen are 10 times more likely to be the victim of financial fraud, with a subset of those consumers experiencing true identity theft – a crime with lifetime ramifications. Another real concern is malware, once confined to desktop computers and now exploding in the mobile space.
Customers want functionality and convenience, but security threats continue to mount. A balance must be maintained. This need for balance is driving nearly 80 percent of financial institutions to invest in technology solutions that boost customer engagement and bolster security. Often, these investments are diametrically opposed, either increasing the risk profile of an institution by making consumer access more convenient, or increasing account security at the expense of decreasing consumer engagement. Solutions must be found that don’t compromise the ideal state: easy to use and secure.
To devise such solutions, we need to get past standard methods of consumer identification that use single points of static data to predict risk. We’ve relied too long on device identification, data element matching and static usernames and passwords to define legitimate access. Having all these elements match up in an account application, login or transaction does not mean that the interaction is safe; conversely, having anything fail to match up should not remove all faith that an interaction is valid. Attempts to add dynamic elements, like one-time passwords and SMS text messages, to the authentication equation have traditionally met with consumer confusion, backlash, and rejection. They simply add too much friction.
Amidst the current status quo of authenticating users based on oft-stolen and easy-to-guess usernames and passwords or dodgy device IDs, hope remains. Current authentication methods can be augmented with passive biometrics and behavioral analytics for a frictionless customer experience that, at the same time, significantly improves security. Better still, this layered approach enables banks to gain deeper insight into customer preferences to offer them personalized promotions and a streamlined user experience. This builds engagement and trust even more – a true victory for financial institutions and their customers.