Banking on digital ID to reimagine the customer journey

More than a quar­ter of all mali­cious cyber attacks are direct­ed at banks and finan­cial organ­i­sa­tions. The indus­try is under con­stant attack, and the bar­rage is show­ing no sign of eas­ing off.

Along with efforts to pro­tect itself from increas­ing­ly pro­lif­ic bad actors, the finan­cial ser­vices indus­try is just that – a ser­vice indus­try. More­so than most, it is start­ing to feel the squeeze when it comes to exceed­ing cus­tomer expec­ta­tions for faster, sim­pler and more secure dig­i­tal ser­vices.

Today, clients expect to arrange a car loan through their phone, down­load bank state­ments on the web and com­plete their dai­ly bank­ing trans­ac­tions fuss-free. With expand­ing dig­i­tal oppor­tu­ni­ties comes the need for greater dig­i­tal pre­cau­tions, and this obsta­cle is antic­i­pat­ed to become more pro­nounced as the indus­try edges clos­er to real­is­ing Web 3.0.

Matthew Moy­na­han, pres­i­dent and CEO of dig­i­tal agree­ments secu­ri­ty com­pa­ny OneS­pan explains: “Finan­cial organ­i­sa­tions need to rethink their pre­ven­tion strate­gies to safe­guard cus­tomers with­out bur­den­ing them with more secu­ri­ty.” The para­me­ters are chang­ing and secu­ri­ty will need to be all-encom­pass­ing in dig­i­tal envi­ron­ments. “Secu­ri­ty has tra­di­tion­al­ly focused on pro­tect­ing the company’s lap­tops, net­works or pay­load. But now we have to look at the cus­tomer as the enter­prise attack sur­face and how we pro­tect every step of that cus­tomer jour­ney,” he says.

Moy­na­han pre­dicts that banks will soon be deal­ing with mil­lions more con­sumers through dig­i­tal ser­vices. How­ev­er, the pan­dem­ic has giv­en rise to a new breed of cus­tomer that is reluc­tant to access finan­cial ser­vices on-premise, instead opt­ing for dig­i­tal access. “We are see­ing lots of trends and fac­tors come togeth­er to dri­ve dig­i­tal ser­vice con­sump­tion – Covid-19, increased automa­tion, a desire to cut costs, and a mass move­ment online. That mas­sive­ly increas­es your dig­i­tal attack sur­face,” he says.

As expec­ta­tions change, finan­cial organ­i­sa­tions need to be active­ly devel­op­ing authen­ti­ca­tion iden­ti­ty ver­i­fi­ca­tion sys­tems that pro­vide appro­pri­ate reg­u­la­to­ry com­pli­ance and secu­ri­ty at every stage of the cus­tomer jour­ney. This means assur­ing the iden­ti­ty of non-cus­tomers mak­ing con­tact for the first time, right through to the point of clos­ing an account. Each user should know that their asso­ci­at­ed data and trans­ac­tions are secured appro­pri­ate­ly. “The mar­ket is mov­ing towards con­tin­u­ous iden­ti­ty ver­i­fi­ca­tion and authen­ti­ca­tion. It’s not good enough to prove once that the cus­tomer is who she says she is. Just because the cus­tomer is ver­i­fied once doesn’t mean it’s nec­es­sar­i­ly them the next time giv­en the preva­lence of iden­ti­ty and cre­den­tial theft.”

As dig­i­tal and vir­tu­al expe­ri­ences take over, val­i­da­tion tech­nolo­gies need to evolve. “We need to val­i­date the cus­tomer, and the cus­tomer needs to val­i­date us because there are so many spoof and fake ser­vices around, and we can all see the impact that has,” Moy­na­han says. He cites the exam­ple of the recruit­ment indus­try, which faces an increas­ing threat from false can­di­dates apply­ing for remote roles through a dig­i­tal side door.

Sim­i­lar­ly, if some­one applies to extend their mort­gage and speaks to an advi­sor vir­tu­al­ly, how can both par­ties be sure they’re speak­ing with the right per­son?

While post-Covid con­sumers might pre­fer dig­i­tal to in-per­son expe­ri­ences, the nature of ser­vice indus­tries dic­tates that when things go wrong, cus­tomers still expect a per­son to be avail­able on demand. For busi­ness­es sell­ing high-val­ue prod­ucts like mort­gages or cars, the assump­tion is that cus­tomer sat­is­fac­tion will be embed­ded in the process. Find­ing ways to add a human into the loop, secure­ly but vir­tu­al­ly, is essen­tial to meet­ing cus­tomer demands when prob­lems strike.

“I believe we’re going to see this notion of inte­grat­ing secu­ri­ty through­out all stages using dig­i­tal ID ver­i­fi­ca­tion and authen­ti­ca­tion, not only in the phys­i­cal and dig­i­tal worlds but poten­tial­ly also in the meta­verse,” says Moy­na­han. “Intro­duc­ing peo­ple into vir­tu­al encoun­ters is per­haps one of the biggest chal­lenges around authen­ti­ca­tion when no one looks the same.”

These secu­ri­ty checks must be care­ful­ly designed to cre­ate a seam­less user expe­ri­ence, while also meet­ing reg­u­la­to­ry and com­pli­ance require­ments. “We’ve all had that expe­ri­ence of log­ging into one sys­tem to make a trans­ac­tion, then when you have to log in again or pro­vide anoth­er set of iden­ti­ty data, we drop off the trans­ac­tion because it’s too much has­sle,” says Moy­na­han.

Ulti­mate­ly, deliv­er­ing the coher­ent, per­son­alised user expe­ri­ences that Web 3.0 enables will take indus­try-wide col­lab­o­ra­tion involv­ing finan­cial organ­i­sa­tions and gov­ern­ments. “His­tor­i­cal­ly, com­pa­nies have com­pet­ed for prof­it and rev­enue, but I hope we will see sig­nif­i­cant­ly more coop­er­a­tion in future between enti­ties,” says Moy­na­han. With dig­i­tal wal­lets, pay­ments and iden­ti­ty, there is greater oppor­tu­ni­ty for shar­ing across a broad set of ini­tia­tives in finan­cial ser­vices. In turn, user expe­ri­ence can be opti­mised. Banks are also in a posi­tion to prof­it from inte­grat­ing cus­tomer jour­neys across plat­forms but will take a lev­el of coop­er­a­tion that has yet to be seen.

By adopt­ing user-cen­tric authen­ti­ca­tion and e‑signature tech­nolo­gies, banks have the poten­tial to trans­form the user expe­ri­ence. Today, when a cus­tomer makes a trans­ac­tion with their bank, their iden­ti­ty is attached to that spe­cif­ic bank. If the cus­tomer then wants to make anoth­er trans­ac­tion with a sep­a­rate insti­tu­tion, there are new hur­dles to over­come to prove their iden­ti­ty again.

Moy­na­han believes that bank­ing could become an almost invis­i­ble fab­ric over which mul­ti­ple ser­vices run, using a sin­gle, con­tin­u­ous­ly authen­ti­cat­ed iden­ti­ty with the right coop­er­a­tion. “Just because my mort­gage is with Bank of Amer­i­ca and my check­ing account is some­where else, why can’t I have a sin­gle great expe­ri­ence across finan­cial ser­vices?” he says. “I think the banks should lever­age their trust and act as a fab­ric for the user expe­ri­ence and the iden­ti­ty of the end user rather than exist­ing as islands.”

This more con­nect­ed bank­ing ecosys­tem is poised to go beyond deliv­er­ing enhanced user expe­ri­ences. Banks would also ben­e­fit because this type of authen­ti­ca­tion makes com­pli­ance more achiev­able and has the poten­tial to reduce oper­at­ing costs.

As finan­cial organ­i­sa­tions turn their atten­tion away from inter­nal threats to pro­tect­ing and authen­ti­cat­ing dig­i­tal ser­vices for cus­tomers, approach­es to tech­nol­o­gy are in need of appraisal. Cus­tomers have become the attack sur­face in this Web 3.0 world, where pre­vi­ous­ly employ­ees posed the great­est enter­prise risk. Deliv­er­ing tru­ly com­pelling user expe­ri­ences starts with­out sac­ri­fic­ing secu­ri­ty and is the sem­i­nal chal­lenge in our new world.

For more infor­ma­tion, vis­it onespan.com