Mobile Banking’s Authentication Game-Changer

How Authentication Is Changing In Mobile Banking

The way we bank is changing in the age of COVID-19.

And as Entersekt Senior Vice President of Product Christian Ali told PYMNTS in a recent interview, the means by which banks authenticate their suddenly digital users must change, too.

 

As Ali noted, expectations about what banking should be are changing as “all of a sudden, overnight, all users were thrust online.”

That puts pressure on banks that, prior to the pandemic, may have anticipated, at best, “medium usage” of their online banking efforts, where other subsets of users (older consumers come to mind) might have chosen in-person branch visits to conduct transactions and other activities.

Financial institutions (FIs) have had to step up and deliver on their promises of the benefits associated with the digital channel, noted Ali. Some banks have succeeded more than others, as challenges have arisen when trying to scale financial services digitally, with the right mix of features and functions.

“You find that there are different expectations based on different users” and demographics, he told PYMNTS. But by and large, with branch activities curtailed and lingering public health fears in place, banks have to offer a uniform, consistent and safe experience to all users, across all types of (online) interaction.

Asked what lies ahead as digital banking increasingly takes root, Ali said the general push to contactless payments will continue, with some subsets growing especially quickly.

By way of example, Ali noted that in countries such as South Africa, the use of QR codes has been embraced by the financial services industry.

Against that backdrop, fraud has been skyrocketing.

“An increase in cyberattacks is common in a time of crisis,” said Ali. “Cybercriminals basically prey on social vulnerabilities, and COVID-19 is no exception.” Scams have grown by triple-digit percentages as measured month over month.

The attacks are mostly prevalent across the healthcare and financial industries, he said, but the methods of attack are still primarily email phishing and phone calls. It’s social engineering at its worst, affirmed Ali.

As for the banks, “what we’re seeing are initiatives that focus on introducing security layers that are more user-friendly, but secure enough to open up the channel of services and enable users to do all the things they did in the branch.”

That security layer itself is only as strong as the authentication process.

As Ali noted, authentication was (and still is) relatively simple in a brick-and-mortar setting: A person shows up, presents two forms of ID and can be matched (face to face, so to speak) to that ID.

“When you move to the digital channel, it’s a little more complicated” to authenticate users, he said. “You need a number of tools in place to validate and authenticate that this person is in fact who they claim to be.” Getting to that level of certainty requires a balance between risk and friction.

The game has changed, said Ali, which means that past efforts to introduce at least some friction (albeit low friction), such as using only SMS prompts to double-check the legitimacy of transactions, may not be enough.

He pointed to “friendly friction” as a way to engage digital banking users, and as a way for banks to ensure they are contacting consumers in the way they want to be contacted.

Some people, noted Ali, want notifications for each and every transaction, while others want to encounter friction only when they are making high-dollar-value payments (as always, educational efforts on the part of FIs and outreach to users helps to fine-tune authentication endeavors).

The movement toward a customized authentication protocol can be a challenge for many FIs, said Ali. “There’s a lot of great technology out there, but it’s about applying the right tool to the right use case,” he told PYMNTS.

Ali pointed to behavioral biometrics as a form of technology that can be especially helpful in the age of eCommerce — in many, but not all, settings. As he added, there’s no one-size-fits-all approach that can solve all authentication issues across all use cases. Behavioral biometrics are great for online shopping, he noted, but they don’t enable a streamlined, one-click checkout experience, as so many variables are at play, from the way people hold their devices to how fast they type.

In implementing and embracing a diverse anti-fraud toolset, said Ali, FIs should partner with cloud-based platforms that can pull in different solutions through a single point of integration.

“If a bank is integrated with a cloud partner that can actually pull in all of these third-party services and orchestrate the events with the institution, it accelerates the implementation process and reduces their development time,” he said. “Historically, security has been looked at as a barrier to a better user experience, but with the technology that’s available, it can now be leveraged as an enabler” for a better relationship between users and their FIs.