Pursuit for Frictionless BFSI App Experience At The Cost Of Security

By: Shahnawaz Backer

During these unprecedented times, legacy banks and financial services institutions (FSIs) face unique operational challenges. Many of them have to rapidly expand their digital service offerings in order to navigate economic disruptions. In fact, banks in Asia Pacific (APAC) are rethinking processes and digitalizing processes, with 70 percent are adopting real-time payments by 2022 according to IDC’s latest Financial Insights InfoBrief.

The consumers’ rising expectations for remote, convenient and 24/7 financial services, are focal to this accelerated adoption of digital banking services. According to YouGov’s ‘Customer Experience in Banking’ report commissioned by Avaya, 26 percent of Indian customers prefer to access services via their bank’s website, and the same number would prefer to use a mobile application rather than speak with a human agent, a much greater number compared to the 19 percent in Australia, 21 percent in the UK, and 24 percent in the UAE.

For banks, providing strong and secure digital platforms for consumers’ data and financial assets will be paramount for building and maintaining brand trust particularly at a time when cyberattacks such as online fraud are increasing. However, the strict access controls for many banking applications are often at odds with ease of use, frustrating consumers, and the business alike.

Multi-layered security: a boon or a bane?

F5’s latest Curve of Convenience Report 2020 Report, found that the banking applications garnered the highest level of trust (63 percent) followed by utilities and government services (57 percent) and eCommerce (47 percent) among APAC consumers. While it remained in first place ranking since the report was first conducted in 2018, the industry saw a drop of 16-points over the last two years amid the backdrop of high-profile security breaches.

At the same time, the respondents ranked security, application user-friendliness and faster load times among the top three most important features in an app – indicating that usability is gaining traction as a key consideration for whether to download or continue using an application.

Enabling digital services will therefore depend on the bank’s ability not just to adapt to changing customer expectations but also set the right security framework. As transactions at physical branches are reduced and moved to the cloud, banks are facing mounting pressures to be able to offer customers a frictionless experience while being able to comply with required government regulations.

With this in mind, the banking industry has implemented sophisticated security systems such as multi-layered authentication over the years. For consumers, this multi-layered authentication can be easily recognized through various methods: for instance, when logging in to bank applications, they are asked to input their username and password followed by a two-factor authentication, security questions, CAPTCHA or biometrics (fingerprint or facial recognition).

While these new solutions have been successfully implemented to prevent online frauds, they can be cumbersome for consumers and cause disruptions in their overall digital experience.

Reducing the friction in user verification

There are several aspects of digital banking to address when attempting to reduce friction in customer experience, but identity verification has always been a constant and persistent battleground for the industry. Fortunately, advances in web application security solutions have made it possible to leverage Artificial Intelligence (AI) to protect banking applications from the rising tide of fake internet traffic. Zelle is a great example where smart defenses worked instead of additional friction as malwares waited for user to get an active authenticated session before launching fraudulent transactions.

Using AI can accurately determine in real-time if an application request is from a human or a bot, and further differentiate between a bad actor and authorized individual. This approach stops bad traffic without introducing login friction for legitimate users with additional layer of security protection.

When banks and financial institutions have end-to-end visibility of legitimate users behind every interaction, they can also gain valuable insights on their customer, enabling them to create personalized, trusted and frictionless digital experiences.

Answering to a new generation of connected users

The race towards greater digital payments adoption will reshape not only traditional banking systems but also the digital customer experience. Banks and FSIs should focus on delivering unparalleled service experiences that are smart, fast and secure or risk falling behind both their industry counterparts and non-financial service competitors (the likes of Google Pay and Paytm) that are quick to transform their businesses. Because this is how the digital banking in the post-pandemic era will look like: a process of constant reinvention.

(The author is Principal Security Advisor, APCJ, F5 and the views expressed in this article are his own)