In eCommerce and mobile banking, friction is a four-letter word, an interruption and annoyance — even a speed bump — on the path to transactions and getting things done.
Unless, of course, the friction is healthy.
Jen Singh, director of channel partnerships at Entersekt, touched on friction’s evolution (and usefulness) in advance of an upcoming playbook on friction and mobile banking.
She noted that the consumer attitude toward their personal data and the security protecting that data is changing.
“We have seen some shifts over the last few years,” she told PYMNTS. “A lot of that stems from the news that’s out there, detailing the scenarios where consumers’ personal data is getting breached.”
Also, as a result of the breaches, she said, that data is out there in cyberspace, co-opted by fraudsters and criminals to use in their schemes to steal identities and steal money. As a result, said Singh, consumers are showing a level of apprehension not seen previously. They want to protect some of their most valuable assets, such as their money and the payment credentials they use when accessing that money.
Those concerns come against a backdrop, Singh said, where payments done across mobile devices and other tech-driven means have become ubiquitous, and consumers also want those payments to happen with speed and ease.
“Payments should be painless and should allow individuals to go about their day in an easy way,” she said of consumer expectations of the eCommerce experience.
Consumers are becoming savvier about the protections available to them to help safeguard identities as they interact with banks or merchants, Singh said. She pointed to biometric examples such as fingerprint and face IDs, which have become increasingly prevalent on mobile devices, and which she said have become almost second nature.
Healthy Friction, Evolving
In online commerce, though, friction is part of the equation. However, just as eCommerce and the technology enabling it has evolved, so too, has friction.
Singh explained that friction was, in the past, destructive to the consumer experience, and had been tied to the fact that technology had been unable to deliver a seamless experience. Financial institutions, she said, had been focused on fighting fraud at the expense of ease of use. That gave rise to one-time passcodes delivered by SMS, for example, which proved a popular method of multi-factor authentication.
Fraud, however, has evolved, too. Singh noted that criminals have been able to conduct SIM swap fraud and intercept SMS communications, finding their way toward logins and passwords.
“We’re obviously seeing a lot more fraud going to online and mobile channels. This is becoming a huge threat factor for mobile banking, for mobile payments and really just digital eCommerce in particular,” she said.
Ideally, binding the consumer identity to the device itself can provide an additional level of assurance as FIs and other stakeholders shift away from one-time passcodes. Of her own firm, she said, Entersekt has been seeing a shift toward using in-app push notifications to authenticate users who are wielding recognized devices — and where a fingerprint may be all that is needed to prove that someone is whom they say they are.
Call it a form of good friction, fully anticipated and acknowledged by the individual, who now has some degree of control over authentication. As Singh said, users may opt to do away with such stepped-up authentication prompts if transactions are relatively small, say, below $10 — even if it means sharing some of the liability for the commerce they conduct.
One tailwind toward consumers taking more control of their identity may come with greater awareness of regulations such as the second Payment Services Directive (PSD2), which, in Europe, mandates strong customer authentication (SCA) to be rolled out over 18 months. Though relatively fragmented, she said, legislation in “bits and pieces” has been taking root in the United States, as evidenced by the California Consumer Privacy Act, which gives individuals the right to know who uses their data, and how that data is used.
The stage is set, then, for greater understanding and research into the different thresholds of when a consumer wants friction, and where their tolerance levels lie. Insight is critical as banks, merchants and other enterprises examine their authentication strategies against a changing regulatory environment.
“I think the big ‘aha’ moment is that the industry right now is really talking about the frictionless experience — making it seamless and invisible to the consumer. And one big takeaway is going to be that the consumer doesn’t want all of that removed from their purview,” she told PYMNTS. “In fact, consumers will trust their institution more if security mechanisms are exposed and more control is put into the hands of the individual.”