By Clive Bourke, President, EMEA and APAC at Daon

Consumers are becoming more aware of the importance of data in creating a positive online experience, with 60% viewing the exchange of personal information as essential to access desired services, compared to just 38% back in 2012.

But as personal data usage increases, consumers want strong digital identity and data security from businesses that they can trust. A recent survey found over half of consumers believe that companies hold an equal amount of responsibility for protecting their identities online as consumers do themselves.

Growing security threats leave business and IT leadership facing important questions about the steps they’re taking to build a safer online environment. To build consumer trust, service providers must understand how consumer expectations have evolved for the channels and technologies that power the experiences they both want and expect.

Regulatory compliance only fights half the battle

Consumers are commonly faced with breaches, hacks, and fraud online. In fact, the Financial Conduct Authority received 116 reports of ‘material’ cyber security incidents in 2021. Despite this, many businesses are still failing to embrace widespread adoption of security technologies beyond passwords. While banks and financial institutions have advanced beyond this basic measure through regulatory requirements, it doesn’t mean they’re immune to security concerns. Furthermore, it doesn’t mean they’re providing the experience users are looking for by simply adopting multi-factor authentication. Simply addressing a minimum regulatory and security requirement is not the same as creating a pleasing and reassuring customer experience.

For instance, some service providers are still relying on SMS-delivered codes as part of their initial registration or ongoing multi-factor authentication. Though this technology attempts to address security requirements in some use cases, this is fraught with risk and friction. SMS messages are capable of being intercepted and frequently need to be resent. With over half of consumers saying they expect businesses to share the burden of protecting their vital information, there is even higher pressure when it comes to finances. The same survey found that 93% of consumers expect even more stringent security measures when accessing their financial accounts compared to other online activities.

Coupled with pressure from consumers is the industry threat of brand damage due to negative news coverage, fines, and even revoked licenses when technology failures impact their customers.

What, then, is the path forward for financial service providers that are facing mounting industry pressures and consumer expectations?

The path forward for security

In 2022, 93% of UK citizens used online banking, and one of the primary drivers has been the convenience and ease of use. As with most businesses, the customer experience remains the centre of the brand. What banks and financial institutions must now realise is the role security plays in that experience, and how high the bar is for consumers’ when it comes to their finances. They must consider whether simple regulatory compliance through multi-factor authentication is enough. Leaving their customers vulnerable is now leaving their brand vulnerable but also any unnecessary friction is heavily critiqued by their customers.

This threat has pointed many toward more advanced security measures, including biometrics, and research found that 81% of consumers have said they are willing to use them if it better secures their accounts and information. NatWest and Adam Bank are two examples of financial institutions that are beginning to leverage biometric solutions, increasing the usability and breadth of the services they offer their customers online, with millions of customers benefiting from the combined convenience and security benefits. Service providers who find the right balance of convenience and security – without compromising either – typically enjoy high net promoter scores for their identity journeys.

Biometric authentication matches the unique characteristics of an individual, including physical features, to the data that was securely registered previously. The technology offers many benefits compared to other authentication methods – its non-repudiable and it deters and detects fraudsters, but also delivers great usability, which is why it’s a great option for many user journeys.

Meanwhile, passkeys add another layer of protection to standard biometric authentication, although there are still some issues that need to be overcome for highly regulated service providers. They work by generating a unique digital key that is only valid for one account. These keys only work for the site or app for which they were created. They are a real step forward in removing dependencies on passwords, but they need to be enhanced by additional identity proofing and strong authentication methods like biometrics to satisfy the security requirements of regulated industries like banking. We expect to see the use of passkeys grow in popularity, even as just one element of the customer authentication paradigm.

These solutions provide consumers with the protection they rightfully expect from businesses across the financial services industry to which they release their sensitive data. It’s imperative for all businesses to meet consumers halfway by adopting stronger security measures. Getting this right will lead to an increase in trust and, ultimately, lead to higher levels of customer satisfaction and better net promoter scores for their identity journeys at least.

Security solutions also need to be truly cross channel capable of being leveraged in person, in browsers and in apps, but crucially not just designed for native apps on smart devices. App fatigue and removing the app download friction are just some of the critical considerations of meeting consumers halfway, and the registration and authentication journeys and the services made available on the back of these identity journeys need to satisfy consumers across all channels.