The Truth About Frictionless Banking | GBAF | GBAF

The Truth About Frictionless Banking | GBAF | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Top Stories > Why we need to stop talking about frictionless banking right now

Why we need to stop talking about frictionless banking right now

Published by Gbaf News

Posted on April 6, 2018

8 min read

Last updated: January 21, 2026

Cybersecurity threats targeting banks and financial institutions - Global Banking & Finance Review — Illustration depicting the rising cybersecurity threats faced by banks and financial institutions, emphasizing the need for improved security measures in the industry.

By Andrius Sutas, CEO and co-founder, AimBrain

When it comes to banking, a reliable technology solution that enables a bank to recognise its genuine customers is the Holy Grail. But in recent industry parlance, this ability to identify genuine customers, in a way that our customers appreciate, has been linked to the concept of a ‘frictionless’ experience for the end-user. We want to put an end to the concept that a ‘frictionless’ banking experience is the be-all and end-all.

The myth of ‘frictionless’

One of the ideas I find most untenable is the notion of ‘frictionless’ being the goal. Of course, if I’m making a routine payment to a registered payee, then I don’t want to have to go through several layers of security. A simple authentication process to access my account (such as a selfie or voice command) should be enough to grant me access and authorise normal transactions.

However, if I’m setting up a new overseas standing order, transferring all my funds into another account or trying to buy an Audi R8, I want to know that, somewhere, an alarm bell is ringing. I want friction! As long as it’s the ‘right’ friction, as there is good friction….and there is very bad friction.

Not all friction is created equal

A step-up to a selfie for something unusual is Good Friction. But say I’ve been to Dublin for the weekend, then taken an Uber home from Stansted. Blocking my account and demanding I call you to tell you the value of my last gas bill* is Bad Friction. Excessive, Annoying,Exasperating Friction.

Applying a step-up authentication process in real-time not only flags potential fraud before it happens but does so in a way that doesn’t frustrate customers. Good Friction. Equally, when a request falls into an acceptable risk threshold, ‘stepping-down’ means less friction without impacting security.

Configure in a way that best suits the risk

The best way to step-up and step-down is to take a flexible approach and draw on an arsenal of passive and active authentication modules. Use passive behavioural authentication to continually monitor in-session, and step-up to voice or face (or both) in the event of abnormal behaviour or an unusual request – like my airport Uber. Exploit technology to detect patterns and learn trusted scenarios, so that you can step-down again. Put simply:

Normal behaviour or routine transaction >> Green light

Abnormal transaction or differences in typing, swiping, clicking or moving (captured via a mouse, keypad, touchpad or smartphone) >> Invoke a step-up authentication requirement
Recognise patterns in unusual behaviours or transactions >> Step down again

This step-down approach is a crucial differentiator. When you apply deep learning and a context-driven model to analyse a user’s behaviour, you can cluster together datasets to build a richer profile of the user, which can be used to generate situations in which you can step-down security. It’s this approach to flexible authentication or applying the right amount of friction, that optimises both security and the user experience. No more frozen accounts and infuriated customers made to jump through call-centre hoops.

Choose vendors that don’t want your data

The piece de resistance is that all this data can be captured and analysed in a compliant way. Critical to today’s and tomorrow’s data privacy regulations is that biometric authentication vendors should never store raw biometric data. AimBrain captures data – whether voice, face or behaviour – within the bank’s secure environment, and it is converted to a non-reversible mathematical construct as soon as it hits the AimBrain server. Here, the code is compared to an original coded, pseudonymised template that represents a user, and we send a risk-based assessment back to the bank to say how likely it is that this is the correct person. No raw data and no access to financial or personally identifiable data; we just compare numbers against numbers. Compliant of course, but also comforting to banking customers – their biometric data is restricted to within the bank’s secure infrastructure.

The right level of friction for the customer, a responsible and compliant approach to data privacy and a flexible step up / step down model. That should be the goal, not chasing the fool’s gold of ‘frictionless’.

* Sadly, a true story

AimBrain is a Biometric Identity as-a-Service platform that provides behavioural, voice and facial authentication. Its cloud model lets banks roll out any module across any channel, for omnichannel authentication.

By Andrius Sutas, CEO and co-founder, AimBrain

When it comes to banking, a reliable technology solution that enables a bank to recognise its genuine customers is the Holy Grail. But in recent industry parlance, this ability to identify genuine customers, in a way that our customers appreciate, has been linked to the concept of a ‘frictionless’ experience for the end-user. We want to put an end to the concept that a ‘frictionless’ banking experience is the be-all and end-all.

The myth of ‘frictionless’

One of the ideas I find most untenable is the notion of ‘frictionless’ being the goal. Of course, if I’m making a routine payment to a registered payee, then I don’t want to have to go through several layers of security. A simple authentication process to access my account (such as a selfie or voice command) should be enough to grant me access and authorise normal transactions.

However, if I’m setting up a new overseas standing order, transferring all my funds into another account or trying to buy an Audi R8, I want to know that, somewhere, an alarm bell is ringing. I want friction! As long as it’s the ‘right’ friction, as there is good friction….and there is very bad friction.

Not all friction is created equal

A step-up to a selfie for something unusual is Good Friction. But say I’ve been to Dublin for the weekend, then taken an Uber home from Stansted. Blocking my account and demanding I call you to tell you the value of my last gas bill* is Bad Friction. Excessive, Annoying,Exasperating Friction.

Applying a step-up authentication process in real-time not only flags potential fraud before it happens but does so in a way that doesn’t frustrate customers. Good Friction. Equally, when a request falls into an acceptable risk threshold, ‘stepping-down’ means less friction without impacting security.

Configure in a way that best suits the risk

The best way to step-up and step-down is to take a flexible approach and draw on an arsenal of passive and active authentication modules. Use passive behavioural authentication to continually monitor in-session, and step-up to voice or face (or both) in the event of abnormal behaviour or an unusual request – like my airport Uber. Exploit technology to detect patterns and learn trusted scenarios, so that you can step-down again. Put simply:

Normal behaviour or routine transaction >> Green light

Abnormal transaction or differences in typing, swiping, clicking or moving (captured via a mouse, keypad, touchpad or smartphone) >> Invoke a step-up authentication requirement
Recognise patterns in unusual behaviours or transactions >> Step down again

This step-down approach is a crucial differentiator. When you apply deep learning and a context-driven model to analyse a user’s behaviour, you can cluster together datasets to build a richer profile of the user, which can be used to generate situations in which you can step-down security. It’s this approach to flexible authentication or applying the right amount of friction, that optimises both security and the user experience. No more frozen accounts and infuriated customers made to jump through call-centre hoops.

Choose vendors that don’t want your data

The piece de resistance is that all this data can be captured and analysed in a compliant way. Critical to today’s and tomorrow’s data privacy regulations is that biometric authentication vendors should never store raw biometric data. AimBrain captures data – whether voice, face or behaviour – within the bank’s secure environment, and it is converted to a non-reversible mathematical construct as soon as it hits the AimBrain server. Here, the code is compared to an original coded, pseudonymised template that represents a user, and we send a risk-based assessment back to the bank to say how likely it is that this is the correct person. No raw data and no access to financial or personally identifiable data; we just compare numbers against numbers. Compliant of course, but also comforting to banking customers – their biometric data is restricted to within the bank’s secure infrastructure.

The right level of friction for the customer, a responsible and compliant approach to data privacy and a flexible step up / step down model. That should be the goal, not chasing the fool’s gold of ‘frictionless’.

* Sadly, a true story

AimBrain is a Biometric Identity as-a-Service platform that provides behavioural, voice and facial authentication. Its cloud model lets banks roll out any module across any channel, for omnichannel authentication.