PYMNTS-MonitorEdge-May-2024

Banks Balance Customer Convenience and Security With ‘Intelligent Friction’

Intelligent friction is among the holy grails of commerce in general, and for financial services firms in particular.

As a trio of payments executives told PYMNTS’ Karen Webster, contextual awareness, made possible by advanced technologies, can help banks authenticate legitimate consumers and transactions through risk-based analysis.

And that analysis, they said, should take place in the background, unseen and unfelt by individuals.

The panel included Entersekt CEO Schalk Nolte, NuData Vice President of Product Management Jill Bugh and Citi Global Head of Digital Security, TTS Raj Shenoy.

Nolte said that we’re headed toward a new iteration of authentication. The first iteration, he said, was based on banks treating their customer bases all the same — and intervening when something fails, as is the case when a transaction does not go through.

But the burgeoning wave of eCommerce demands that the banks look more closely at individual consumers’ actions and behaviors, with the device as a conduit to understanding a range of behaviors that give insight as to who’s on the other side of the transaction.

The urgency and opportunity is there.

As PYMNTS and Entersekt have found, 83% of consumers say that digital security has a huge impact on how they think about the trust they have in their services providers. Additionally, six in 10 respondents are willing to embrace security options that move beyond the password.

But some hurdles remain. As Shenoy said, “For many years, security and convenience have been at odds.”

See also: Consumers Say Security, User Experience Now Equally Important When Accessing Digital Accounts

No Longer a Trade-Off 

The conventional wisdom holds that more security leads to less convenience — and more convenience leads to less security.

However, as Shenoy noted, advanced technologies including biometrics can strengthen the relationship. Using a thumbprint is easier, and it is more convenient to use a thumbprint or a face scan than it is to remember a password to gain access to a bank’s site.

“It’s no longer a tradeoff,” Shenoy said.

Read more: Moving the Passwordless Future to the Here and Now

But as evidence of the headwinds, consider the fact that Apple implemented app tracking transparency, which requires users to grant permission to be tracked by the apps that they use on iPhones and other Apple devices.

And as for how consumers have taken Apple’s actions to heart? It’s reported that 40% of consumers have said, “No, thank you. I don’t want to be tracked.” But in the bid to protect privacy, in giving the consumers the option to opt out, fraudsters may take advantage of loopholes and leeway to ply their schemes.

The deck is stacked a bit in favor of the bad actors: The fraudsters have a vested interest in knowing about tracking tools, with an eye out for how to subvert them. The fact that so many of us have opted out of opting in leaves consumers vulnerable to various fraudulent schemes.

Gaining a Holistic View 

As Bugh said, “Allowing the consumers to have the ability to opt out is fine, but you need to make sure that you are looking holistically and have the tools in place to validate who the users are.”

For the financial institutions (FIs), there is some soul-searching that needs to take place, according to Shenoy: They must examine whether they are thinking critically on how to use the technology, how they are applying it and whether they are being transparent — in broad strokes, at least — with their end users.

In one example, Shenoy noted, “Are we using someone’s email for spam or are we sending them critical information that is important for their financial transactions?”

Thus far, the banks are coming up a bit short, running up against a bit of misperception on the part of consumers. The apps that everyone wants to switch off immediately, Nolte said, include location data — because many people think that data is being used by the bank for nefarious purposes.

But of course they aren’t. Nolte explained that the data can be used to make sure that someone is in their “usual” location and verify them.

“That’s the slippery slope,” he said, of the FIs, “and what shall you actually allow?”

The panelists said that not opting in to banks’ cookies and fingerprinting initiatives has the unintended consequence of creating friction in the transaction, because the bank does not have the information that can be used to verify and protect consumers seamlessly.

Context is Key  

As Nolte said: Context is key.

As he told Webster, “I want to be able to know that you are using the PC that you normally use — that your authentication and transacting device are in the same place … and this can make the alarms much easier.”

Curating the entire consumer journey from end to end is the way to do this, he said.

Shenoy cautioned that there is no real silver bullet to be used in executing that vision. At Citi, he said, the bank’s institutional clients are fairly sophisticated when it comes to having infrastructure and security in place and working in unison. They can examine significant transactions, and they can have approval workflows with three or four people in the process using different devices.

That triangulation results in risk-adjusted analysis of transactions, which can take into account whether high-level verification is necessary, determined by probalistic tools that ideally let legitimate users do what they need to do and catch the folks trying to do something they shouldn’t.

Nolte cautioned that “cross-channel awareness is incredibly important,” as banks examine all aspects of the transaction and curate the journey based on that data (and it should be noted that 25% of consumers check accounts across multiple devices). That information builds up across time, and can be used to create better estimations of legitimate users and transactions.

See also: How to Catch a Cyberthief

Nolte said consortium data is also important, and allows banks to work together to stop fraud and improve the financial services ecosystem in the meantime as any and all devices become connected endpoints.

Looking ahead, as Shenoy said, banks and regulators will need to work more closely together to create a range of policies on how to collect and manage data as transparently as can be done.

Nolte said that intelligent friction and contextual awareness can boost conversion rates significantly — by up to 50% in some cases — remarking that with those improvements, “We all have a vested interest trying to make a strong ecosystem for legitimate business to be conducted … as safely, securely and frictionlessly as possible.”

PYMNTS-MonitorEdge-May-2024