Zero Trust, Mobile Banking and the Age of Continuous Authentication

Right now — and this might surprise you — desktop internet banking still reigns supreme, largely because so many of us have been working from home and conducting life via laptop.

But mobile banking is gaining fast on desktop internet banking. Along the way, banking apps need to get faster, smarter — and they need to be trusted by the consumers using them.

We live in an age where data breaches are all too common, however, where account takeovers are a key goal of the fraudsters, where SMS messages from the bank can be intercepted and leveraged to fool unwitting consumers.

In an interview with PYMNTS, Entersekt CEO Schalk Nolte and PNC Head of Products and Innovation, Treasury Management Chris Ward, said continuous authentication can go a long way toward cementing that trust.

As PYMNTS research has shown, roughly 88% of consumers believe it is important to be able to authenticate specific transactions. A whopping 90% of consumers would like extra authentication methods when sending money to friends or relatives and 89% would like them when opening new accounts at banks.

See also: Five Authentication Features Customers Want From Banking Apps

As we’ve embraced digital banking — 70% of us have — the ways and means of authentication have and will continue to change.

As Nolte noted, the President Joe Biden administration has mandated that a zero-trust policy be put in place to help improve the nation’s security, which in effect means that users and devices — regardless of who’s using what, or where — are not just taken at their word, so to speak. Identities need to be verified at all points on a network and verified continuously.

As Nolte remarked, “Gone are the days where we can open a door and let somebody in. And once they’re inside, letting them do whatever they want to do because we’ve checked their ID.”

The Three I’s: Immediate, Interconnected — or Interrupted

The new approach to security, particularly on the financial institution (FI) side of the equation, said Ward, ties into consumer expectations of digital banking, and on what he called the three I’s. First, banking is immediate — we all want to move money with speed. The second I is for interconnectivity (our devices and experiences).

“And the third I: If you’re not doing immediate, you’re not doing interconnected … you’re going to be interrupted,” said Ward.

The introduction of PSD2 across the pond and the exporting of open banking principles and practices have paved the way for consumers to become more comfortable with banks reaching out to consumers to ascertain that they really want to proceed with certain activities or transactions with authentication, when practical, in the background.

“You can think of this as dynamic trust,” said Nolte.

The shifts in payment trends and banking demand that consumers be more in control of their money movement, that they can help decide just how they want to be engaged and at what level of activity ($500 shoes, perhaps).

As for implementing the technologies and protocols to get to that level of trust — easier said than done.

“It’s a bit like threading the needle,” said Ward, who added, “You have to balance privacy laws with how you’re authenticating and allowing a customer to give you the right to get the right authorizations. But at the end of the day, it’s about being able to bind an individual to their phone or to their mobile device or another form factor.”

Nolte said continuous authentication (through geolocation, biometrics and other advanced technologies) can also monitor a consumer’s behavior in real time, detect anomalies and keep money from leaving accounts if red flags are raised. Real-time data can also give rise to real-time confirmation that bills have been paid, for example.

Looking ahead, as Ward said, with a specific nod to banking, zero trust strategies will guide all payments (even cryptocurrencies) and form factors. The overarching theme is that individuals want access to their money, to be able to transact when they want to transact — and assurances that the bad guys are being kept at bay.

As Ward told PYMNTS: “If you’ve got the great app, if you’ve created it with an integrated process, the consumer’s going to use it, or the small business is going to use it to do their banking. And I think that’s just the way everything’s going to — toward immediate payments that are secure.”