Martin Gontovnikas (Gonto), VP of Developer Relations, Auth0
The past decade has borne witness to incredible change within the banking sector and the ways in which customers access and interact with their financial information.
With widespread adoption of technology, financial institutions are making it easier than ever to conduct transactions and manage money from anywhere. Last year, 22 million people managed their current accounts on their phones, and there are no signs of a slowdown, with 72% of the UK adult population estimated to bank via a phone app by 2023.
Alongside the promise of speed, convenience, and choice that digital banking brings to consumers and corporations, there are important considerations to bear in mind, especially in light of strict regulations such as GDPR and PSD2. Accessing bank accounts and financial products from different devices means a growing number of customer touch points that need to be authenticated and secured, all while providing customers with a seamless user experience. This complements the growing trend of open banking, which is how banks are innovating and modernizing their services. By providing a wider network of financial institutions’ and partners’ offerings through the use of APIs, customers have access to many more services through one login. The emergence of the Open Banking Standard has set a protocol for how financial data is used, but with more providers having access to personal information, it is essential to have even more stringent security practices in place.
In order to address these challenges, banking institutions are increasingly turning to cloud-based Identity and Access Management (IAM) to not only secure the identity data of their users, but also improve the user experience. Security best practices like Multi-Factor Authentication (MFA) and Breached Password Detection should be standardized across all financial institutions. These increase security and provide users with seamless and frictionless authentication, while giving organisations a single view of their customer base with significant marketing gains.
Are Passwords Not Enough?
In the past, usernames and passwords were considered secure enough to give organisations and customers peace of mind. This is no longer the case.
Passwords are much less secure than we think, especially as users tend to reuse the same credentials across multiple logins. According to security researcher Troy Hunt, 86% of passwords are “terrible,” and are reused from previous breached passwords. Employing a feature like Breached Password Detection greatly decreases the risk of these “terrible passwords.” If you log in with a credential that has been breached, this feature will recognize it, alert the consumer, and require they change it. This is an important safeguard against the very common practice of reusing passwords.
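The login-time check described above, as an added sketch that is not Auth0's implementation or code from the original article: a successful login whose password appears in a breach corpus is turned into a forced password change. The sample corpus, user store, function names and the prefix-bucketed SHA-1 lookup are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample of passwords assumed to appear in breach dumps.
BREACHED_SAMPLE = ["password1", "qwerty123", "letmein"]

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(passwords):
    """Bucket breached SHA-1 hashes by 5-character prefix (range lookup)."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index

BREACH_INDEX = build_range_index(BREACHED_SAMPLE)

def is_breached(password, index=BREACH_INDEX):
    """Look up by prefix only; the suffix is matched on the caller's side."""
    digest = sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())

def derive(password, salt):
    # Slow, salted hash for storage; SHA-1 above is only the breach lookup key.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

USERS = {}  # constructed user store: username -> (salt, derived key)

def register(username, password):
    salt = os.urandom(16)
    USERS[username] = (salt, derive(password, salt))

def login(username, password):
    """Return 'denied', 'ok' or 'password_change_required'."""
    # Unknown users still pay for one derivation, so timing does not reveal them.
    salt, stored = USERS.get(username, (b"\x00" * 16, b""))
    if not hmac.compare_digest(derive(password, salt), stored):
        return "denied"
    # Checked only after a correct password, so a failed guess learns nothing
    # about whether the guessed value is in the breach corpus.
    if is_breached(password):
        return "password_change_required"  # alert the user and force a reset
    return "ok"

register("alice", "password1")  # constructed: reused, breached password
register("bob", "maple-Orbit-47-canal")  # constructed: not in the sample
```

Running the breach check at registration and password change as well keeps known-breached values from being stored in the first place.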
In addition, the number of different passwords for various apps and services that consumers have to remember is increasing at the speed of light. This means that the requests for password registration and resetting forgotten passwords (alongside the frustration that comes with them) are also increasing. And it comes with a price tag. Research has shown that a password registration or reset costs an average of £8, which means for larger composite organisations these costs can increase to several hundreds of thousands per year, if not more.
Building modern authentication, however, goes beyond usernames and passwords. IAM provides a framework for managing identity, and enabling the right individuals to access the right resources at the right times for the right reasons. As the number of devices per user increases, along with the continual demand for information access from any and every device (including IoT), financial organisations are using a more holistic IAM strategy that can scale to any number of users, devices, and APIs, and keep data secure.
Multi-Factor Authentication is Your Double Security Door
Multi-Factor Authentication adds an additional security layer to the authentication process, and it is most effective when the required validation comes from the user’s personal device. Whether it’s a fingerprint, or a special code sent directly to the phone (as opposed to a simple question that needs to be answered), this second layer of personalization makes the hacked password practically ineffective. This is particularly important for banking institutions and financial firms in gaining customer trust, as it can help them provide their customers with further reassurance that there is a high level of security around their financial information.
It is imperative that as new technologies are adopted, financial organisations educate their customers about the benefits of Multi-Factor Authentication and Breached Password Detection. To achieve this, integrating these authentication methods into consumer financial apps needs to be easy and practical, not only empowering customers to opt in, but also showcasing these institutions’ commitment to data security and protection. A successful tactic for wider adoption is to provide an institutional perk that will motivate users to sign on. They secure their information and get rewarded for it at the same time.
Gain Visibility into Your Customers
Financial institutions have a wealth of customer data at their disposal, especially around spending patterns and consumption preferences, and a comprehensive IAM strategy can provide crucial customer insights by leveraging user data to create a 360 degree view of each customer.
This information can be integrated into CRM and e-commerce systems, enabling financial institutions to make informed decisions around what products can be recommended to a specific customer or tailoring content according to their specific needs and priorities. There is a great deal of information about personalisation’s impact on conversion rates – this Salesforce study found that personalised mobile recommendations resulted in 4.2x greater conversions. Relying on a comprehensive view of the customer enables any financial institution to deliver a much better and more impactful experience.
IAM Brings Increased Security and Real Business Value
The financial sector and banking institutions in particular have realised the power of new technologies and have embraced digitisation. Whether or not a completely passwordless future is realistic in the near term, there is no doubt that consumers are demanding easier and better ways to interact with their financial services, and simultaneously verify their information is completely secure.
Cloud IAM platforms have taken centre stage as an integral way to check off the boxes of user experience, data security, authentication, and much more. Consumers are changing on a daily basis and are creating more demands for faster, easier, and safer access to information. With the right identity platform in place, financial organisations can surge ahead by keeping customers loyal and offering the most innovative and secure user experience possible.