November 13, 2018
Stop Driving Away Banking Customers With Out-of-Band Authentication.
Customer experience matters! We begin by examining the banking customer experience and how financial institutions can improve it. A recent banking survey delivered a loud and clear message: customer experience is a key driver not only for customers who opened accounts, but also for those who closed them. It’s the single most stated reason why they chose either to stay with a bank or to leave it for a competitor.
It’s an interesting concept, so we examined the way Apple conducts business and how it has been so successful in tying the user interface to the user experience in its products. Apple starts with the user experience and works backwards towards the technology. Unfortunately, that isn’t always how companies approach fighting cybercrime. Much of what has happened in cybercrime prevention in the last few years has centered on implementing existing solutions to address the growing problem of online fraud and cyber threats. These first-generation solutions were in most cases supplied by existing vendors. Most of them were originally designed for enterprise security and then modified for the financial arena. Although initially successful, the solutions relied heavily on multi-factor authentication as a means of verifying user identity.
You can see how this multi-factor authentication increases friction in the user experience. Fast forward and you can see an environment where multi-factor authentication is used as a primary means of verifying customer access. However, many variables affect how multi-factor authentication responds, such as changes on user devices like eliminated cookies and network access via VPN. These changes generally trigger a step-up challenge, which increases user friction, which we have determined is counterproductive to customer experience. Your loyal customers will either tolerate the additional friction or find another provider. Although step-up and out-of-band authentication continue to be effective in fighting fraud, they also create unnecessary roadblocks for your trusted returning customers. In today’s mobile-centric world, these invasive approaches have reached their limits.
Existing Security Solutions Were Getting in the Way
We’re starting to see similar efforts by financial institutions to reduce customer friction and provide loyal customers easy access. One of our biggest banking customers in North America said that existing security solutions were getting in the way of trusted customers accessing their accounts, and as a result customer satisfaction metrics declined dramatically. This was a direct result of the bank’s effort to increase authentication to stop a growing cybercrime problem. It was pretty obvious to us that the bank did not attack the problem in the same manner Apple would have. It was not accurately identifying returning customers and was stepping up authentication too late, with many trusted customers labeled as suspicious and forced to go through extra steps to access their accounts. It’s a very painful feeling if you don’t remember the answers to the security challenge. Furthermore, it’s annoying for customers to have to type in long strings of numbers, especially on a mobile phone.
Statistics from our network, drawn from analysis of customer data, show about a 33-percent failure rate when returning customers attempt to complete step-up challenges. This equates to one out of three customers being unable to access their accounts because they failed security challenges. More importantly, we discovered that about two-thirds of those who failed turned out to be trusted customers who were denied access.
ThreatMetrix rules are deployed based upon these anonymized attributes, which allow a deeper understanding of your customers and the friction they encounter. In essence, the difference between legitimate users and cyber criminals can be fully understood through identity analytics, which examines each access attempt and transaction in real time across the network to establish verified online personas. The ThreatMetrix persona capability provides a real-time identity database, and it’s a very good way of detecting both trusted customer patterns and behavioral anomalies across the data on our network.
Frictionless customer experience is critical for successful online and mobile banking. Customers expect anytime, anywhere access to their accounts without the frustration of step-up challenges. Financial institutions require secure, accurate authentication that detects fraudulent activity in real time without false positives that deter customers.