The shift to digital and mobile forms of payments and commerce is undeniable across various areas such as retailing, banking and B2B payments. But that does not mean a proactive mindset reigns when it comes to mobile security and innovation. Reactive ways of doing things can degrade the user experience — and that can drive away consumers.
That was among the main themes of a recent PYMNTS discussion between Karen Webster and Schalk Nolte, CEO of Entersekt, a South Africa-based FinTech firm that focuses on enabling secure new banking and payments experiences leveraging the mobile device. The discussion took place not only as consumers place more importance on privacy and security issues, but also as the benefits of mobile payments and mobile wallet integration gain more attention.
Meeting those consumer demands while also trying to integrate mobile systems that require a fusion of legacy systems with the newest technology can be easier said than done, of course. But the right outlook is a good place to start, and a jumping-off point for any meaningful improvements.
“The answer is to find something that is future-proof,” Nolte told Webster during the discussion, which included examination of what “trust” means for situations that require mobile authentication.
Three main factors combine to create not only a sense of trust, but also its pragmatic application in the mobile world, he said. The first one is “identity,” which simply means people are who they say they are. The second is integrity, which means no one has tampered with the mobile device or the messages. The third one is communication, which involves the direct and secure transmission of those mobile messages.
Having all three factors in place is vital. “If not, that means the end point can be compromised,” Nolte said.
That becomes especially important as the mobile world moves toward more single-scan transactions that include not only payments, but also loyalty rewards, promotions and other factors that make consumers happy and lead to repeat business. Even more, Europe’s PSD2 promises to spark further innovation among financial institutions, FinTech and mobile service providers — innovation that can be easily derailed if security is handled in such a way as to cause friction or provide openings for criminals.
PSD2 sets out the requirements for strong customer authentication (SCA), an identity verification procedure that leverages multifactor authentication. SCA pulls in factors such as ownership (i.e., the transaction is coming from a device that is recognized as belonging to the consumer) and inherent traits (biometric identifiers like fingerprints and retinas).
PSD2 requires transaction details to be included in authenticating a transaction, which opens the door for what Entersekt calls all sorts of offline functionality. The company’s technology enables mobile customers to view specific transaction details and make choices offline – and with encryption, so that only authorized phones can read specific messages from financial services providers.
As well, smartphones are among a consumer's most personal devices, up there with keys, wallets and purses. That could present an advantage for financial institutions — after all, if a customer has been with a particular bank or credit union long-term, odds are that business has earned the trust of that consumer in ways that few retailers likely have.
Think of it this way: What if a business used by a particular consumer introduces a new app overnight? Or just an upgrade? Imagine the consumer looking at the new features, new buttons and perhaps even the new design in the morning. Will that consumer instinctively trust that the app is secure, or will he or she hesitate — a feeling that could potentially lead to less frequent use of that app?
In a banking app, the risk is generally less, given that baseline of trust, Nolte said.
Onboarding consumers presents another opportunity to keep — or lose — that trust. Onboarding can involve such factors as IP addresses, geolocation and even biometrics to confirm the identity on the other end of the mobile relationship. Efficient and secure onboarding leads to convenience, given that consumers don’t have to visit bank branches to complete the tasks. And convenience, assuming it is backed by security, can lead to customer loyalty.
Future-proofing mobile technology also involves the messages that businesses send to consumers. That’s why Entersekt developed technology that conforms to PSD2 requirements and enables banks to send secure notifications to consumers in real time.
The competition to gain and retain mobile customers is among the most important tasks faced by financial institutions and other organizations – and the push for innovation will always be associated with the need for top security.