Banks can’t afford to sacrifice customer experience at the altar of security

By Grant Wild, CEO and Managing Director of government and private sector IT company Wild Tech

People working in the banking sector must feel like they are attached to four horses, one limb per horse, and those horses all galloping in different directions. There’s the commercial imperative to innovate and “go digital.” There’s the reality that banking is ranked #2 on the list of most targeted sectors by cyber attackers. There’s the need to comply with extremely strict regulatory obligations… and then there’s the customers, who demand the same quality user experience they have in other sectors where the risk is far lower.

Many financial services organisations turn these competing challenges into triage, and guess which priority is often buried at the back? You guessed it, customer experience.

Imagine this: you’ve just moved into a new office and need to purchase a few thousand dollars’ worth of equipment from a trusted supplier. You use your corporate card, only to find it frozen due to suspected fraudulent activity. You then spend hours on hold with customer service, and that culminates in a series of security verifications that feel more like a medieval inquisition than a modern banking service.

This scenario is common enough that you probably didn’t so much “imagine” it as “remember” it, and it highlights the current state of banking security. Organisations are hyper-sensitive to potential threats but often clumsy in execution, leaving customers frustrated and inconvenienced.

The rise of AI and increasingly sophisticated hacking techniques have forced banks into an even more defensive posture. Traditional security tools like two-factor authentication are no longer deemed sufficient, as AI can potentially outsmart these measures. Consequently, banks are erring on the side of caution, often resorting to drastic actions such as freezing transactions at the slightest hint of irregularity, and willingly sacrificing the customer experience to protect themselves from what might be seen as far more egregious threats. While these actions are well-intentioned, they frequently disrupt legitimate business activities and erode customer trust.

For many financial institutions, the solution is to rely on Managed Service Providers (MSPs). For several reasons, this is the right step forward, but on the other hand, their performance can be inconsistent. In one striking example, an MSP did provide their client organisation with robust digital security, but that was totally undermined by lax physical security. When the company came to Wild Tech to investigate and potentially take over as the MSP, we tested the overall security preparedness and found that we were able to walk in, totally unauthorised, and access their data room.

Such oversights underscore the need for comprehensive security assessments that are holistic in nature. The irony in doing so is that by having IT security that is robust enough that the financial organisation can back it, the more they unlock the ability to embrace technology to support superior customer experiences.

A Challenge For All Financial Services

The challenges are not limited to large institutions alone. In fact, when resourcing is tight the triage can be even more extreme. Smaller banks and credit unions often lack the resources to implement and maintain state-of-the-art security systems. They are particularly vulnerable to cyber attacks, as hackers perceive them as easier targets, and the lack of resourcing means that they often overlook legacy systems and licenses that, unpatched, provide open gateways for those attacks.

In light of these challenges, what is the path forward for the sector? It begins with a shift in perspective for companies of all sizes—from viewing security as a mere cost to recognising it as a critical investment in trust and operational integrity. Banks must adopt a proactive approach, regularly updating and testing their security measures to stay ahead of evolving threats. This includes not only technological solutions but also robust training programs to foster a culture of security awareness among employees. And it also means reviewing the performance of partners, rather than simply assuming that they’re covered.

Moreover, collaboration between banks, regulatory bodies, and security experts is essential. By sharing knowledge and resources, the sector can develop more effective and standardised security protocols that benefit the entire sector.

Furthermore, regulatory frameworks need to evolve in tandem with technological advancements, and the financial services sector needs to actively engage with lawmakers to drive change. Currently, many regulations are reactive, designed to address threats that have already materialised rather than anticipating future risks. A more forward-looking approach is necessary, where regulations encourage innovation in security practices rather than stifling it. Regulatory bodies should work closely with industry leaders to develop guidelines that are flexible and adaptive, promoting a proactive stance on security.

Another challenge that financial services need to overcome is the internal fear of proper reviews and audits. More than a few leadership teams put off an audit for fear of the report coming back to say, “You need to spend $X million to address this hole in security.” Rather than try and kick the can down the road, it would be better for organisations in this position to find partners that understand their landscape and challenges, understand the budget constraints, and operate in a way to reduce risk without creating utter chaos throughout the organisation.

The integration of advanced technologies like AI and machine learning into security systems presents both opportunities and challenges. On one hand, these technologies can enhance the ability to detect and respond to threats in real-time, offering a level of vigilance that human monitoring alone cannot achieve. On the other hand, the reliance on AI introduces new vulnerabilities, as cybercriminals develop methods to manipulate or bypass these systems. The key lies in balancing the benefits of automation with the need for human oversight, ensuring that technology enhances rather than replaces the human element in security.

The financial sector must also address the human factor in cybersecurity. Social engineering attacks, where criminals manipulate individuals into divulging confidential information, are becoming increasingly sophisticated. They also don’t need to be if it’s possible to simply walk up and talk your way into getting access to the datacentre. Training employees and customers to recognise and respond to these threats is as crucial as technological defences. A culture of security awareness can significantly reduce the risk of breaches caused by human error.

One innovative approach that some banks are adopting is the concept of “security by design.” This involves integrating security considerations into every stage of the product development process, from initial design to deployment and maintenance. By embedding security into the DNA of their products and services, banks can create more resilient systems that are inherently resistant to attacks.

Finally, the banking sector must recognise the importance of transparency in building trust. Customers need to be informed about the security measures in place and how their data is being protected. Clear communication can alleviate concerns and foster a sense of partnership between banks and their customers in the fight against cyber threats.

There’s a lot that needs to be done to fully protect financial services from the multitude of security challenges out there. The solution is not to try to resist, and it’s certainly not an excuse to make compromises to the customer experience. There are enough disruptive forces in the market at the moment to siphon away customers if they’re not having a good experience with the bank. Instead, making sure that the investments are being directed in the right way and having the impact that they need to, backed by a holistic approach to security that doesn’t just fixate on small parts of the whole, is where financial services organisations will be able to find confidence that they’re successfully mitigated their risk.

And it’s worth noting that the bank that manages to strike the balance the best will prosper –because no amount of security will ever make a bank grow, only customer experience does that.

About Author:

Grant Wild is the CEO and Managing Director of government and private sector IT company Wild Tech. He previously held executive and management roles at the University of Technology Sydney (UTS), ASG and Brightside.