Security & Fraud

How Security, Paired With Simplicity, Is Driving BoA’s Digital Authentication Evolution

As banks look to expand their digital offerings, they face the challenge of creating solutions that are simple enough to encourage adoption, yet secure enough to safeguard financial data. The May edition of the Digital Identity Tracker™ profiles Hari Gopalkrishnan, Client Facing Platforms Technology Executive at B of A, who walks us through their authentication mantra. The Tracker also features news stories from throughout the Digital Identity space and a brand new player directory ranking the capabilities of 74 companies, including five new additions.

Customers are drawn to banking technology that is easy to use yet secure enough to safeguard their personal information. For major banks looking to gain consumer trust while staying ahead of the technological curve, creating services that are both simple and secure can be a major challenge.

Hari Gopalkrishnan, Client Facing Platforms Technology Executive for Bank of America Merrill Lynch, recognizes just how important striking a balance between simplicity and security can be. In fact, he believes that the pillars are integral foundations on which all successful consumer services are built for the bank. recently caught up with Gopalkrishnan, who discussed how BoA’s philosophy of simplicity and security is leading to adoptable client tools, positive consumer experiences, and how it’s helping to shape how the bank focuses on technology adoption.

“It’s interesting, those two words sometimes contradict each other,” Gopalkrishnan explained. “The
 simplest thing to do arguably is the least secure, and similarly the most secure thing to do is a seven-factor authentication. It’s about, how do you make things more relevant to customers and clients so they can do things when they want to, on their time, being able to do it without jumping through hoops ... but doing it in a way that they feel protected [with] security, privacy, transparency.”

Shaping a streamlined experience

At BoA, Gopalkrishnan is aiming to redefine historically time-consuming customer experiences by leveraging secure digital solutions in simple, seamless ways.

It starts with keeping in mind that banking itself shouldn’t be a primary concern in customers’ lives, he said. “How do you make financial transactions more relevant into a customer’s life as they go through
their day-to-day life? Because nobody wakes up and says, ‘I want to
bank today.’ People wake up saying, ‘I have to go live my life today, and part of living my life is that I have to conduct financial transactions,’” he explained. “We want to be at that point that, when they need that financial transaction, it fits into the context of their life.”

By equipping its app with customer service capabilities, Gopalkrishnan explained that BoA is attempting to trim away time-consuming frustration from personal financial management. From inquiring about charges to depositing checks to accessing personalized assistance, nearly every action can occur within the centralized app, offering clients on-the-go alternatives to otherwise potentially tedious tasks. The app also contains cutting-edge authentication technology, he said, that keeps users’ private information safe from digital threats.

For some consumers, however, it can be difficult to embrace new solutions and take the leap from the ingrained practices like visiting a branch and waiting in line to make a deposit with a teller. When Gopalkrishnan looked closely at what was keeping certain customers going out of their way to take care of tasks that can now quickly be accomplished in-app, he found it was less an issue of unfamiliar technology, and more a matter of human psychology. And a big part of that psychology, he said, is about feeling safe about transactions.

The digital authentication balancing act

Authentication has proved to be a crucial thread in BoA’s journey to redefine their banking experience. Not only do comprehensive authentication solutions cut out time-consuming steps, but they also serve to better protect clients’ digital identities. For customers used to managing their money at brick-and-mortar branches, making the switch to digital can feel like a major risk – one that can steer them away from the convenience of mobile banking.

“It’s understanding, what makes me feel safer? And sometimes it’s not just about pure encryption - and security and all that mumbo jumbo – it’s, what’s the experience?” Gopalkrishnan said. “It’s that experience design that goes hand-in-hand with the technical aspect of security, which is obviously critically important,” he said.

Consumers should be confident enough in the safety of mobile banking that they don’t feel compelled to drive to their local branch for something as simple as depositing a check, Gopalkrishnan explained. “It’s that combination of seamless user experience, great security and working on the things our customers want more of from a transaction perspective.”

To create a system that mobile clients view as being both time efficient and safe, a “tiered model of authentication” is essential.

In tailoring the level of authentication to the specific action the client is attempting to perform, the app is able to quell the anxieties of a user making sensitive transactions without creating complicated hurdles for someone who simply wants to check their balance.

“There are authenticators, which at the end of the day are a combination of who you are, what you have and what you know. You have a level
of risk associated with the business process and you want to marry [simplicity and security] and make sure you’re using the right things for the right level, and, where the risks are high, making sure there’s sort of an exception process that can help guide through the rest of the way,” Gopalkrishnan said.

Incidentally, one thing Gopalkrishnan may not be in a hurry to say goodbye to (just yet) as part of a larger authentication process: the tried-and-true password. “The reasons passwords work is that everyone knows for 50 years how eight-letter passwords work,” he said. “We have to make the next thing just as usable, if not more usable, and simple, and yet secure.”

Staying on the cutting edge – without going over the edge

One of the newer methods of authentication BoA has introduced is Touch ID, a solution that replaces traditional passwords with fingerprint-scanning technology. After being launched within a select group of BoA customers for just a week, Touch ID gained a 30 percent adoption rate, Gopalkrishnan said. This quick adoption opened his eyes to the power of familiar technology, as the last major digital initiative BoA introduced took around three years to earn this level of client engagement, he said.

According to Gopalkrishnan, Touch ID is a prime example of simplicity and security working together in a modern – yet approachable – way. The technology, which has been on the market for some time now, gained widespread popularity after Apple introduced it as an alternative to standard four-digit iPhone passwords.

BoA didn’t embrace Touch ID right off the bat, but rather waited until the solution had evolved and gained ubiquity among smartphone users.

“Imagine three or four years ago, if we wanted to do fingerprints. We would have had to build our own fingerprint sensors. We would have had to do it in a way that a customer could be trained to [use] it, because no other app would do it,” Gopalkrishnan said. The timing wouldn’t have been right for the bank back then, he said, because customers weren’t familiar with the technology yet.

Observing how digital solutions pan out for tech products before adopting them is part of the bank’s larger strategy to connect products with consumers at opportune times. As the financial institution moves to establish itself as a savvy technology adopter, it’s harnessing the power of growing solutions while waiting to see which will emerge from those not quite ready for primetime.

“The key for us is finding that sweet spot middle ground of a set of technologies that are emerging and evolving, that drive great experience, but at the same time will in fact be adopted by customers and clients because they’re easy to use,” Gopalkrishnan said. “Finding that right tradeoff and right balance is really, really important to us.”

For Gopalkrishnan and his team, part of bringing solutions to BoA customers is having to make tough choices about what technology makes the most sense for the bank. Oftentimes that means consciously steering clear of the swarm around the latest buzz.

“We are always on the cutting edge of understanding what the art of the possible is, and we look at things – facial recognition, iris scanning, palm-vein technology – I can throw out a buzzword a day that comes my way. But if you think about hype versus reality, there are things like Touch ID ... there’s a collection of things that can be integrated and stitched together to create a great experience that absolutely is reality. When we deploy them, we see great results,” he said.

What’s next?

As BoA continues to identify simple and secure solutions that will appeal to its ever-expanding customer base, it’s constantly keeping a finger on the pulse of the technology world.

“The reality is that it’s hard to get customers trained. Therefore, the more that the ecosystem can evolve to
a model where customers get accustomed to doing certain things, which then we as a bank can adopt and integrate into the ecosystem and then provide great experiences and a heightened form of security to add to that things like device fingerprint, geolocation, the one-time password,” Gopalkrishnan said. “Being able to have technology that’s in the ecosystem, that we can integrate with, integrate additional security layers, and create an experience that’s both differentiated and yet simple.”

Gopalkrishnan and his team at BoA will continue to prioritize simplicity and security as they determine which state-of-the art solutions will further enhance the customer experience.

“Unfortunately there isn’t a magical answer that has solved everything, so that’s why I think it’s a multifaceted thing. But I think we’re looking at it – whether it be Touch ID, in the future things like geolocation, NFC – it’s an increasing emergence of technologies that start to triangulate into an identification solution that gets past an eight-letter, 10-letter password,” he said.

He added, “There are multiple ways to skin the cat, and we’re exploring each of those ways.”

Safely and securely, of course.

To download the May edition of the Digital Identity Tracker™, powered by Socure, click the button below.


About the Tracker 

The Digital Identity Tracker™, powered by Socure, is a forum for framing and addressing key issues and trends facing the entities charged with efficiently and securely identifying and granting permission to individuals to access, purchase, transact, or otherwise confirm their identity.




The September 2020 Leveraging The Digital Banking Shift Study, PYMNTS examines consumers’ growing use of online and mobile tools to open and manage accounts as well as the factors that are paramount in building and maintaining trust in the current economic environment. The report is based on a survey of nearly 2,200 account-holding U.S. consumers.

Click to comment