“The balance between freedom and security is a delicate one," former U.S. Congressman Mark Udall once said.
The sentiment is especially relevant among many banks right now, as they attempt to roll out new and more advanced digital and mobile banking systems. It's a difficult balance to strike. Modern technology has trained consumers to expect digital and mobile solutions for everything from getting directions to buying new shoes to be both easy to understand and secure. The same goes for digital banking.
According to the results of a recent survey from Trustev, consumers are more concerned with simplicity than security, as they’ve been conditioned to place convenience far ahead of security. “I think convenience trumps basically everything,” one Trustev executive told PYMNTS soon after the survey was released.
The balance between simplicity and security is so crucial and difficult to find that John Dancu, president and CEO of digital security firm IDology, told PYMNTS it could be the biggest challenge for banks looking to implement tougher security features for their digital and mobile solutions.
“It’s important that you make it really simple for the consumer,” Dancu said, “while, at the same time, trying to ferret out the fraud.”
PYMNTS recently caught up with Dancu to discuss security and authentication in the digital banking space.
Keeping Pace With 'Innovative' Fraudsters
Dancu stressed that it takes multiple layers of security, which must be continually updated and improved, to keep up with bad actors.
“I think fraudsters are innovative individuals, unfortunately. It’s their full-time job,” Dancu said. “So, one of the things you can’t do is rely on just one layer. You have to have multiple layers that give you dynamic feedback, and then, you need to be able to make decisions off that dynamic feedback.”
For Dancu and his team, those layers include, among others, ID and driver’s license verification, mobile device authentication and location-based protocols.
“You have to validate that consumer and make sure that they're the right person. So, accessing information relative to that consumer and their mobile device is going to be important,” Dancu said. “Are the device, location and activity attributes that are surrounding that transaction correct? Is the license good? Is the data on the phone good? And when you add more and more layers to this, you can validate people.”
Dancu also noted that, for many banks, especially larger financial institutions, old security technology can do more harm than good.
“A lot of the banking systems that are out there for authentication are legacy systems that are ancient, and ancient can be seven to 10 years since it was deployed,” he said. “They’re old. They’re antiquated. They don’t work well. They don’t locate people. They don’t have flexibility.”
Dancu said banks need to move quickly in order to better protect their customers. He also noted that some "innovative" banks have started to update their legacy systems to improve their identity verification capabilities. Still, Dancu said, “a lot of the financial institutions have a long way to go.”
Simplicity And Security
Of all the layers that banks and financial institutions should be using in order to protect their customers, Dancu said, the most important is the final layer — the one that hides the deep arsenal of security protocols away from the consumer.
Dancu said that the next step for most banks is to reduce friction and frustration among customers. “I think some of the successes are going to be making the process really simple and easy for the consumer,” he said.
In order to do that, Dancu said, banks and financial institutions need to keep the security process separate and away from the customer experience. He noted that opening an account is one of the biggest pain points for customers using mobile devices, as users do not want to take the time to not only download the mobile app but also enter extensive identity information in order to verify that they are who they claim to be.
The challenge becomes ensuring a customer’s identity without burdening them with a long list of security requirements. In the case of IDology, Dancu said that he and his team work with clients to build a "mobile identity" in order to create a simple and secure two-step verification process.
"The way we connect is constantly evolving, and this creates some interesting scenarios in the verification world, because it also opens more avenues for fraudsters to exploit," he said. "With these factors at play, identity verification needs to evolve to incorporate more real-time device characteristics that bind an individual to a device.”
Dancu said that his team focuses on mobile identity due, in large part, to the way individuals use their mobile devices. Many consumers get new smartphones, swap out SIM cards while traveling or change their phone plans frequently. Those changes are linked to and tracked by the customer's mobile phone number and can be used as part of verification.
Dancu emphasized the importance of evolving with ever-changing consumer behavior in designing a comprehensive and convenient security solution.
"In essence," Dancu explained, "we're able to bind the phone, and by binding the phone, we are taking information from mobile carriers and combining it with device information and establishing a second-factor authentication that gives you the ability, under the covers, to green light a customer.”
The Less Friction, The Better
Dancu stressed that, in the age of online fraudsters and other bad actors, companies need to be ever-vigilant when verifying their customers, particularly during account setup. He said that many consumers would be surprised by just how easy it is for identity thieves to gain sensitive information on nearly anyone.“You can’t sit still in this business, that’s for sure,” Dancu said. “Fraudsters today, they can go on the Dark Web and purchase your names, your address, your Social Security number. So, they have that exact information.”
In order to combat that wealth of information, he said, businesses need to rely on multiple layers of security, without disrupting the customer experience.
“This is all a matter of layers and being dynamic,” Dancu said. “I think the key to banking is to make it really simple and easy for people to get their information and to conduct transactions. The more you can do under the covers, relative to verification, the better. It just has less friction.”
To download the August edition of the Digital Banking Tracker™, click the button below.
About The Tracker
The PYMNTS Digital Banking Tracker™ brings you the latest news, research and expert commentary from the FinTech and consumer banking space, along with the rankings of more than 70 companies serving or powering the digital banking sector.