Banking has come a long way since we had to squeeze a visit to the bank teller into our working day. Banks now have a much easier, more open relationship with customers. One way banks are improving the customer experience is by expanding access to their services through Internet and mobile banking offerings.
A recent ING report on mobile banking found that within 12 months, 63% of European mobile device owners will be using those devices for mobile banking. The main reason for choosing a mobile device to manage personal money is convenience. Digital banking is a great boost for the industry. It will encourage users to perform more transactions and engage with the bank in a more fluid manner. And soon mobile banking will have other drivers too. Several of the biggest U.S. banks, including Citigroup, have decided to close branches altogether in a push to encourage digital banking. The future of banking is here. But are we ready for it?
When it comes to mobile banking, convenience and user experience are paramount. There is a problem: making the mobile banking experience safe is vital, but how can you safely authenticate your customer without causing friction?
What’s The Problem With Current Methods of Authentication Anyway?
We have watched as companies like Apple innovate in authentication by using biometrics such as fingerprint and face recognition, allowing them to bypass the traditional, simple yet irritating, use of usernames and passwords. Yet there are still issues with authentication, and these issues are especially acute for mobile banking.
The mainstay of robust authentication has, until recently, been two-factor and multi-factor authentication (2FA/MFA). For example, 2FA often requires the use of a first factor, usually a username, and then a second factor, which is usually a password. MFA adds other criteria on top of valid credentials, which can be an 'out-of-band' device or, more commonly these days, a static biometric identifying factor such as a fingerprint, or facial recognition, etc.
The challenge with both of these approaches is twofold. Firstly, this static data is not sufficient for the dynamic nature of mobile channels. Not only is stealing static biometric data just as easy as stealing the good old password, but an even more fundamental problem is the lack of authentication past the login threshold. Advanced attacks such as bots or emulators can take over legitimate user sessions to authorize fraudulent transactions, making the need for continuous authentication apparent.
Arguably the most significant obstacle is that these more traditional approaches cause friction for the user. Asking users to remember multiple passwords, or to enter a code that has been sent to their email after they have already entered their username and password, is problematic. Users do not want to work so hard just to log in to their accounts. Then, demanding that users re-enter their authentication details during the session (to avoid session time-out, or as step-up authentication for riskier transactions) is also a key factor that leads to session abandonment for mobile banking apps.
Behavioral Biometrics to the Rescue
Mobile banking is an important advance in the industry and we need to make it work securely with as little friction as possible. This means we have to take the technological advances in the authentication arena and build smarter methods of authenticating mobile banking customers. This is where behavioral biometrics comes in. Behavioral biometrics offers a balance between tight security and usability. Overall it makes the digital experience better for all - both the bank and the customer.
Why Behavioral Biometrics?
Behavioral biometrics is a highly secure authentication method based on the use of dynamic biometrics. Confirming that the person using the device is truly who they say they are throughout the entire session means that a one-off check at login will no longer suffice. To fight advanced fraud and RAT attacks, the authentication has to be ongoing: a continuous flow of data between the customer and the bank to verify the customer's identity.
But how can we make sure that stringent security measures do not interfere with customer experience?
Behavioral Biometrics and User Experience
Behavioral biometrics is an authentication method that doesn't require any extra actions or steps by the user. It runs continuously in the background for the length of the session, checking the user against hundreds of behavioral parameters such as finger pressure, typing speed and the angle at which the device is held. Together, these behavioral traits constitute a unique user profile and are virtually impossible to mimic.
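The continuous check described above, as an added sketch that is not from the original article or from any vendor's product: each in-session sample is compared with an enrolled per-user profile, and a rolling window decides when the session no longer matches. The three features, the z-score method, the window size, the threshold and all sample values are assumptions constructed for illustration.

```python
from collections import deque
from statistics import mean, stdev

# Assumed feature set; a real profile would use far more parameters.
FEATURES = ("pressure", "key_interval_ms", "tilt_deg")

# Constructed enrollment samples for one user: (pressure, key interval, tilt).
ENROLLMENT = [(0.50, 180, 30), (0.55, 200, 32), (0.48, 190, 29),
              (0.52, 210, 31), (0.53, 185, 33), (0.47, 195, 28)]

# Constructed session: events 0-3 match the enrolled user, and from
# event 4 onward a different operator is driving the same session.
SESSION = [(0.51, 188, 30), (0.49, 205, 31), (0.54, 192, 29), (0.50, 198, 32),
           (0.62, 150, 36), (0.63, 148, 36), (0.62, 152, 37), (0.62, 150, 36)]

def enroll(samples):
    """Build a per-feature (mean, stdev) profile from enrollment samples."""
    return {f: (mean(col), max(stdev(col), 1e-6))
            for f, col in zip(FEATURES, zip(*samples))}

def deviation(profile, sample):
    """Mean absolute z-score of one sample across all features."""
    return mean(abs(x - profile[f][0]) / profile[f][1]
                for f, x in zip(FEATURES, sample))

def first_anomaly(profile, events, window=3, threshold=3.0):
    """Index of the first event at which the rolling mean deviation over
    the last `window` events exceeds `threshold`, or None if it never does.
    The window keeps a single odd keystroke from ending the session."""
    recent = deque(maxlen=window)
    for i, event in enumerate(events):
        recent.append(deviation(profile, event))
        if len(recent) == window and mean(recent) > threshold:
            return i
    return None

PROFILE = enroll(ENROLLMENT)

if __name__ == "__main__":
    for i, event in enumerate(SESSION):
        print(i, round(deviation(PROFILE, event), 2))
    print("session flagged at event:", first_anomaly(PROFILE, SESSION))
```

The session is flagged only once three consecutive samples deviate, which is the point at which a bank could block the transaction or require re-authentication even though the login itself succeeded.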
Behavioral biometrics eliminates the need for step-up authentication, removes friction and improves the overall customer experience. At the same time, behavioral biometrics is extremely easy to implement, as it utilizes hardware already present in most mobile devices.
- Makes the digital experience great for customers, removes friction and frustration associated with step-up authentication methods
- Increases the functionality of the mobile banking experience, allowing even high-risk transactions that previously needed manual approvals by the bank's fraud teams
- Reduces fraud and false positives through continuous authentication
Customer experience in banking is the main driver behind banking disruption. “All banks must prioritize UX, design thinking and experience architecture to compete for the future right now. This is a trend that’s only going to advance.” – Brian Solis, Principal Analyst for the Altimeter Group.
To be in a strong position to take mobile banking into the future, banks need to make customer experience, alongside security, a design goal.