By Jenn Markey, Vice President of payments and identity product marketing at Entrust
Over the last two years, the payments and banking industry has seen a global transformation, accelerated significantly due to the pandemic. Digital transformation is enabling companies to do business in new ways by creating an environment where people, systems and things are increasingly connected. However, the threat landscape for digital businesses is far outpacing the evolution of security management practices. Today more than ever, consumers are digitally connected in practically every aspect of their lives and it is becoming clear that they are expecting the same from their banks.
A recent survey by Entrust, a trusted identity, payments and data protection organisation, discovered how this disruption has impacted consumer preferences and habits in the banking sector, and what implications these may hold for the future.
Digital vs traditional banking
Consumers clearly have an overwhelming preference for online banking, yet a significant concern about fraud remains at the forefront of consumers’ minds. Entrust found that 88% of consumers favour digital banking over traditional banking. However, 90% of consumers worry about digital banking fraud.
According to the respondents, these concerns are not unwarranted as 42% of consumers had been notified of personal banking or credit fraud in the past year. Yet, as a result, 67% of consumers who have suffered fraud changed their bank in an attempt to avoid suffering this again. The exponential rise of fraud and data breaches means financial institutions will not only need to improve their security offerings, but also communicate with customers on how advanced technology helps to keep their accounts secure.
Password practices to prevent fraud
Requiring a password, plus one or more added credential, also known as multi-factor authentication (MFA), is a good way to prevent unauthorised account access. Many data breaches can be traced back to compromised passwords, with phishing scams being one of the most common attacks.
Remote working has become common practice for many of us since the COVID-19 pandemic sent the world into lockdown, with many organisations in a hybrid workforce, according to data collected by Entrust. During this time, many were operating from unsecured locations, creating new risks of compromised data in the event of malware infections and phishing scams, poor password habits and mismanaged credentials.
To protect themselves, individuals and organisations must be more vigilant and resilient to potential security threats. Frequent password resets, increased knowledge of security risks and implementing MFA are just a few examples of simple practices that significantly increase digital security and prevent incidents of fraud.
Banking is one of the only industries that has the potential to lead the way toward a digital-first future. For example, ID proofing technology that leverages consumer biometrics enables banks to provide self-service account opening options that can be done remotely on a mobile device from anywhere and at any time. Biometrics also authenticate customers’ identities from their devices by using facial recognition or thumbprint technology, allowing them to securely access their bank accounts. However, a highlight from the report suggests that consumers are unaware of the power that biometric solutions could provide when it comes to account and payments protection. Only 43% of respondents trust fingerprint recognition to securely validate their payments and only 34% trust facial recognition. Biometric sign-ins have been part of mobile banking for some time, yet consumers seem to be slow at adopting these processes, perhaps due to a lack of understanding or education around the value they can offer and for banks to communicate the value of these added layers of security to prevent fraud.
Not only do user biometric solutions offer a greater level of convenience for consumers, in comparison to more time-consuming authenticators, but they also provide a much greater level of security than traditional authentication methods like passwords. As well, behavioural biometrics provide a risk-based approach that minimises user impact while protecting against even the most sophisticated threats to an organisation. In comparison to user biometrics, which analyse the physiological features of the user, behavioural biometrics analyse more nuanced characteristics of the user, such as their typing speed, patterns of navigation, and the level of pressure applied to the screen. While user biometrics can be seen as another authenticator, behavioural biometrics have the capability to differentiate a human user from a bot, and potentially one human from another, which will help to identify when someone has gained unlawful access to a user’s account.
To further mitigate fraud, banks and financial institutions can ensure personal information is protected through tokenization. This is the process of obscuring personally identifiable information so that it can only be interpreted by systems or authorised users with the correct security key. In the context of payments, tokenization is used when a consumer makes a payment with their contactless card, generating an encrypted token that will protect the customer’s payment information following the exchange by making it unreadable to anyone trying to access the information.
The rise of digital currencies
Payments using digital currencies such as Bitcoin and Ethereum are growing in popularity as they have become a legal form of payment in several countries. 52% of Entrust survey respondents said they would consider using digital currencies like Bitcoin, Ethereum or a Central Bank Digital Currency (CBDC) for payments. With this rise in crypto also came a rise in blockchain technology. Blockchain technology can offer fast payment processing, but more importantly, it can offer more enhanced security through end-to-end encryption which will more effectively shut out fraudulent attempts and unauthorised access.
So far, blockchain technology is mostly used as the underlying technology that such cryptocurrencies operate on. However, the technology’s capability of securely recording and transferring information has the potential for much broader applications beyond the world of cryptocurrency, such as making payments across borders, protecting medical records and securing personal identity.
The world of banking and payments is continuously changing, but a key theme we are seeing is that consumers want options. Digital banking is growing in popularity but in terms of securing their accounts and preventing fraud, it is evident in the survey from Entrust that consumers want the freedom to choose how to secure their accounts, whether that be MFA, biometrics or traditional passwords. The priority here must be for consumers to educate themselves on the best practices to prevent fraud and for banks to communicate the value of these added layers of security to prevent fraud.