By Tom Stinton
There is no doubt that technology is improving the customer experience, but it is also opening consumers up to increasing security threats and increasing the need for financial institutions to improve their cybersecurity technology. Intelligent Environments has long been calling on the digital banking sector to not only make users more aware of cyberfraud by improving education, but also to make it easier for customers to protect their personal data online. While there has been movement towards more secure data security procedures, there is still much more that needs to be done to ensure consumers are better protected, while still having a quality user experience.
Recently, a story from the USA highlighted this disconnect between the user and security perfectly. It was reported that a child accidentally ordered a doll house via Amazon Echo by simply asking “Can you … get me a doll house?”. It turned out that her parents had not set up the optional four-digit security code, spoken aloud to confirm purchases. The story went viral and, when it hit the local news, highlighted in the process consumers’ sometimes casual consideration for personal security. During the broadcast, the anchor signed off by saying, “I love the little girl saying ‘Alexa order me a doll house’”. This then caused several other Echo owners’ machines to place orders for doll houses as their devices were activated by the anchor’s off-the-cuff remark.
As much as this story is amusing, the message here is that security features are there for a reason, to stop unwanted purchases and to protect data. However, consumers are still bypassing the features, taking short-cuts, or choosing not to set them up as the processes are often seen to be too cumbersome or onerous.
Our own research shows, specifically in terms of online banking, that consumers feel managing their personal security is too complicated, ultimately leading to unsafe behaviours. Passwords and the log-in process seem to be a particularly significant problem.
For many people, it’s a user experience issue. The problem of too many passwords and security codes is a reality, with our research indicating 34 per cent of people admit to writing their passwords down to remember them. We are told that best practice states passwords should be long and unique for each different account, with some organisations suggesting changes every 30 days. It’s fair to say, the majority of consumers don’t follow these guidelines, especially as the average citizen in the UK is registered on over 90 accounts, according to password management company Dashlane. If an average consumer followed these guidelines, they would need 1095 different passwords, or password iterations, every year. It comes as no surprise then, that people are writing passwords down to keep track of which is for online banking, and which is for their magazine subscription.
Concerningly, 21 per cent of consumers admitted to sharing their PINs with colleagues, friends or family members to withdraw money on their behalf, an act which we are warned against regularly. This demonstrates that the issue goes beyond simply better education, which the financial sector is already heavily investing in through banks’ individual campaigns, and through joint activities with third parties such as the Government-backed Get Safe Online campaign.
Consumers are aware that there is a need to improve their own data protection habits, with 60 per cent saying they have become more aware of security due to high-profile cyberattacks such as the Three and Tesco hacks of 2016.
However, ultimately, banks and other organisations who hold sensitive data need to implement more robust security measures against hacking and cybercrime. This includes making better use of technology such as biometrics, which can be more secure than traditional password and PIN technology, but also more user friendly.
The EU General Data Protection Regulation (GDPR), which will come into force in 2018, will ensure financial institutions pay far more attention to security, as the punishments for neglecting data protection are going to be severe. However, increased security cannot be to the detriment of the user experience, as users will only find a way around the measures if they are seen to be in any way cumbersome, as we have seen in the Amazon Echo example.
We know that consumers’ natural inclination is to side-step complicated processes wherever possible, so, while there is an increased need for improved cybersecurity technology and process, the financial sector must make a great effort to ensure that it is never to the detriment of a great and seamless user experience.