By Ben Goodman
Customers are taking a far greater interest in their personal data than ever before.
Its security is no longer a simple legal imperative; it’s an opportunity for banks to differentiate themselves from competitors.
Potential customers are as likely to compare retail banks’ track records with data and the intuitiveness of their apps as they are interest rates. Ultimately, the banks and financial services organisations that find the right balance between fortress-like security and intuitive user experiences will win and retain customers.
In the age of Open Banking, GDPR and connected devices, this balance isn’t easy to find. Many consumers find more secure measures such as two-factor authentication tedious, despite greater understanding of the need to protect their data. Their reluctance to leverage relatively simple but admittedly clunky tools puts the onus back on to financial institutions to ensure that people’s information and assets are protected.
The route to protective-yet-intuitive security for banks is therefore through the adoption of multi-factor security processes that leverage the latest technology. In contrast with legacy security systems, the technology available now can simultaneously improve the user experience for customers and strengthen the safety of their information – things that have been at odds with each other in the past.
Moving security beyond the front door
We currently ask customers to authenticate their identity exclusively at the ‘front door’. When opening an online banking portal, app or platform, customers are presented with a login process. Once they have completed this they are free to access all available features and services. On its own, this has the potential to be tremendously insecure and is also deeply opaque in terms of demonstrating to customers how their identity is being authenticated and protected, hence the drive to encourage customers to adopt continuous authorisation.
The sheer variety of authentication options available now, and the power to use them at scale, mean that we have the scope to move beyond this simple ‘front door’ approach to access. Instead we can now adopt a smarter, more nuanced system that presents customers with the appropriate option at the right time. Whether this is an iris scan to deposit a cheque, a voice command to check a balance, or a selfie to request a statement, there will simply be no reason for banks to persist with outdated, unaccountable authentication methods. The technology exists to boost the security of customers’ accounts at every stage and in ways that require the appropriate amount of friction for what they are trying to do.
Enter behavioural biometrics.
Behavioural biometrics – a gamechanger?
Behavioural biometrics are a next generation technology looking specifically at behavioural factors and using them as a form of authentication and assurance. The technology evaluates unconscious actions such as how people walk, hold a device or even how fast they type to create a user profile or ‘virtual fingerprint’ that is unique to that individual. This is combined with contextual clues such as the WiFi network, GPS location and the timing of the customer’s actions.
As a customer conducts tasks, for example on their banking app, behavioural biometrics creates a score showing the likelihood that they are the account owner. This can be as accurate as a fingerprint, making it an essential instrument in banks’ security toolkits. The process can be tailored so that more sensitive actions, such as transferring money, require a higher confidence score than less risky ones, such as checking a balance.
The result is a customer experience that is not only more secure; it’s far more convenient. In the age of IoT, the vast majority of us carry devices with us which we use for everyday personal finance tasks such as paying bills or splitting the cost of last night’s dinner. Equipped with touch-sensitive screens, accelerometers and gyroscopes, the sensor-filled devices in our pockets are poised to interact with and interpret outside stimuli like never before – a true sea change when it comes to the widespread adoption of behavioural biometrics.
That allows us to collect a lot more data. Using machine learning and artificial intelligence, technology providers are able to use that data to create more reliable user profiles, enabling higher levels of confidence in the technology and a groundswell of adoption in financial services.
For example, banks like Lloyds Banking Group and Deutsche Bank have employed measures to identify if a customer’s mobile phone is physically stolen or compromised by malware. From behaviour with the phone alone, the technology will generate a score that indicates a level of certainty that the person using the phone is who they say they are. This score, in tandem with other security context clues, gives customers the information they need to determine whether they trust the end-user they’re interacting with – helping to prevent unsafe transactions or account takeovers.
Introducing friction at the right time
With behavioural biometrics, it’s tempting to imagine a consumer opening their banking app, checking their balance, paying their credit card bill and transferring some cash without any annoying passwords or thumbprints. Behavioural Biometric security would work seamlessly in the background, protecting the customer at every stage without intruding on their experience.
While this is not necessarily an implausible vision, it may be misguided today. In taking the security burden away from customers, a totally seamless security user experience could actually erode customer confidence and satisfaction. For example, imagine you are transferring £10,000 to an account you have never interacted with before. If you are not explicitly asked to complete some form of additional security measure, say providing a thumbprint or taking a selfie, you are unlikely to feel confident that your identity (and money) is being handled securely.
As such, banks don’t need to stretch for a totally seamless user experience. In fact, re-injecting friction into the user experience – if done in the right way and at the right time – can provide greater visibility of security processes and a stronger sense of trust – with the added bonus of removing tedious login processes at the front door.
Security as a toolkit
Behavioural biometrics is undoubtedly a gamechanger. Yet it must nevertheless work alongside other tools to improve the customer experience and user security. No single piece of authentication technology can be the entire solution to protective-yet-intuitive security.
Drawing on the methodologies and signals provided during a user authentication process, the right multi-factor toolkit will allow banks to offer the most secure, most intuitive authentication possible. In an increasingly competitive market, the reward is more customers and greater brand loyalty.
Ben Goodman is VP of Global Strategy and Innovation at ForgeRock, the Digital Identity Management company transforming the way organisations interact securely with customers, employees, devices, and things.