Digital-First Banking Tracker® Series Report

Progress and Protection: Balancing Convenience and Security in Digital Banking

May 2024

Does the convenience of digital banking come at the expense of security, or can banks outsmart the scammers?

PYMNTS
01

Economic shock waves from fraud lead to a costly cycle, compelling banks and FIs to redirect resources from innovation to immediate threat mitigation. This redirection stalls critical innovation agendas, with profound implications for the financial industry.

02

Balancing the push and pull between innovating digital banking services and enforcing stringent security measures is a daunting challenge for banks and FIs. Achieving equilibrium, however, is crucial for preserving a competitive edge while maintaining consumer trust.

03

Security threats are evolving at a rapid rate. The enduring questions are whether banks and FIs can outpace and counteract the tactics of fraudsters while fulfilling the growing consumer expectations for innovative security and convenience.

Get Unlimited Access
Complete the form below for free, unlimited access to all our Data Studies, Trackers, and MonitorEdge reports.

Thank you for registering. Please confirm your email to view all our Trackers.

    yesSubscribe to our daily newsletter, PYMNTS Today

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    Digital transformation continues to fundamentally reshape the financial industry, promising unparalleled convenience through advancements such as artificial intelligence (AI), open banking and real-time payments. It also opens doors to both emerging and evolving types of fraud. Indeed, delivering the seamless, innovative digital banking experiences consumers demand is challenging enough, but banks and financial institutions (FIs) must also tackle the vulnerabilities introduced by the very technologies that enable these experiences. Consequently, a central challenge the industry now faces is the need both to leverage these technologies and to master the art of securing them. As these next-generation services increasingly roll out, the ability to secure them effectively will likely be a key differentiator for banks and FIs — a litmus test for attracting and retaining customers in a fiercely competitive digital-first economy.

    Is Fraud’s Hefty Bill the Price of Modern Banking?

    Economic shock waves from fraud lead to a costly cycle, compelling banks and FIs to redirect resources from innovation to immediate threat mitigation. This redirection stalls critical innovation agendas, with profound implications for the financial industry.

    Fraud is evolving, putting banks on high alert.

    Digital banking is besieged by an increasingly sophisticated and complex threat landscape. Perhaps most troublingly, AI has become a weapon in fraudsters’ arsenals, targeting weaknesses in fraud control systems with alarming precision. The spike in purchase return authorization fraud, with potential losses averaging $115,000 per incident, alongside a rising tide of ransomware attacks highlights the acute vulnerabilities within current banking security frameworks. Additionally, the emergence of more obscure types of fraud, such as token-provisioning and enumeration attacks, signals a diversifying threat matrix.

    $3.8M

    Average fraud-related costs in 2023 for FIs with assets over $5 billion

    As fraud spikes, FIs battle impostors and rogue account holders alike.

    Banks and FIs continue to face a disturbing rise in both first- and third-party fraud. First-party fraud involves individuals deliberately misrepresenting their own identities or circumstances to obtain banking services, whereas third-party fraud entails fraudsters impersonating legitimate account holders, either to access services and products or to take over existing bank accounts. Indeed, 47% of FIs have dealt with account takeover fraud (ATO) in the past year alone. Phishing attacks, experienced by 73% of banking customers, are highly effective and costly because they frequently serve as a gateway to other banking services.

    Fraud’s price tag skyrockets, draining millions.

    In 2023, 43% of FIs reported an increase in fraud incidents, with the average fraud-related costs for those with assets over $5 billion soaring 65% to $3.8 million. FIs attribute a sizable share of attempted fraud to systemic deficiencies in their fraud tech stacks (14%) and in their controls and procedures (10%). The fiscal implications of fraud are profound, straining budgets and diverting strategic focus from long-term innovation to immediate crisis management, thereby hampering investment in technologies that could potentially mitigate fraud.

    Trust or Bust: Consumers at the Heart of the Bank Security Equation

    Balancing the push and pull between innovating digital banking services and enforcing stringent security measures is a daunting challenge for banks and FIs. Achieving equilibrium, however, is crucial for preserving a competitive edge while maintaining consumer trust.

    Security sells as customers demand banks they can trust.

    69%

    of consumers deem robust fraud protection critical when choosing a bank.

    When selecting a bank or an FI, consumers prioritize the presence of a robust fraud protection framework, with 69% ranking it among their top three decision-making criteria and 32% considering it the most important factor. The pivotal role that security measures play, not only in promoting customer acquisition and retention but also in shaping technology investment priorities, cannot be overstated. However, the industry must also balance the need for robust security with the demand for streamlined onboarding processes, lest it risk deterring 24% of potential new account holders.

    Security concerns overshadow digital banking’s convenience.

    As digital banking becomes ubiquitous, consumer expectations for convenient experiences grow increasingly higher. However, these expectations are often marred by significant reservations about the security of AI and other novel technologies intended to enhance these experiences. Notably, 42% of consumers express apprehension about the security risks AI might introduce, with nearly half of retail banking customers in the United States urging banks and credit unions to prioritize fraud protection. This heightened awareness spotlights again the critical balance the industry must strike between pursuing innovation and strengthening essential security frameworks, especially as one-third of Generation Z consumers plan to increase their use of digital banking services in 2024.

    The future of digital banking hinges on both trust and innovation.

    Incredibly strong consumer demand for instant access and personalized services is reshaping both what digital banking looks like and how it operates. Seventy-six percent of consumers emphasize the need for real-time service access, and 67% expect personalization tailored to their unique banking behaviors. However, their expectations go beyond convenience, with a staggering 91% stating that protecting their sensitive personal information is the most critical capability any bank or FI can possess. As the industry strives to deliver on these demands, the ability to bolster consumer trust will be pivotal, potentially dictating the pace and breadth of the adoption of next-generation digital banking services.

    Sign In to Safety: Navigating Security Obstacles in Digital Banking

    Security threats are evolving at a rapid rate. The enduring questions are whether banks and FIs can outpace and counteract the tactics of fraudsters while fulfilling the growing consumer expectations for innovative security and convenience.

    FIs weigh the potential and pitfalls of open banking — and the scales are tipping toward caution.

    Open banking is on the brink of revolutionizing the payments experience. However, industry enthusiasm for the practice — a financial framework in which banks and FIs allow third-party FinTechs to access consumer banking, transaction and other financial data through application programming interfaces (APIs) — is significantly tempered by concerns over the potential for heightened risk of fraud. A recent PYMNTS Intelligence study highlights that nearly half of FIs (46%) say open banking’s risk of fraud outweighs its potential benefits. This sentiment is particularly acute among those already battling high levels of fraud, with more than 57% questioning the risk-reward calculus of embracing open banking.

    79%

    of FIs using cloud-based solutions are confident they can offer secure real-time payments.

    Despite regulatory pressure to boost competition and improve services, only a minority of FIs (35%) believe the advantages of open banking offset the risks. This cautious stance is not merely a reaction to immediate threats but a strategic positioning to ensure that next-generation banking technologies do not outrun the industry’s capacity to guard against evolving security challenges.

    Can banks build trust with biometrics?

    In response to mounting consumer demand for secure and convenient authentication methods, a growing number of banks and FIs are turning to biometrics. A PYMNTS Intelligence study found that 47% of consumers regularly use biometric authentication, with 52% of those using biometrics favoring them over alternative methods. Similarly, a recent Paysafe survey shows that 60% of consumers believe that biometric payments strengthen the security of online transactions. By offering biometrics and other advanced authentication methods, banks and FIs achieve two critical outcomes: They align their offerings with the security expectations of consumers and demonstrate their commitment to remaining at the forefront of trust and technology in the financial industry.

    AI and ML rally to outsmart fraudsters.

    In a forward-looking move, more and more banks and FIs are deploying AI and machine learning (ML) to fight fraud. Indeed, a PYMNTS Intelligence study finds that already 79% of FIs employing cutting-edge cloud-based solutions express confidence in their ability to offer secure real-time payments — a sentiment echoed by 84% of FIs relying on rules-based algorithms. These numbers are encouraging, and with 60% of FIs committed to further investing in advanced technologies, the industry is broadcasting its firm resolve to safeguard digital banking operations and meet consumer expectations for reliability and security.

    Securing Tomorrow: Proactive Strategies for Ensuring Digital Banking Resilience

    Just as digital transformation inexorably marches forward, so too must the security frameworks of banks and FIs. However, at a time when digital progress and emerging threats evolve in lockstep, the old guard of reactive security measures falls short. For banks and FIs to remain competitive and trustworthy, they must not only adapt but also anticipate, implementing security solutions robust enough to withstand both current and future threats. This requires a paradigm shift — one that emphasizes predictive and adaptive security solutions designed for the fast-changing demands of the digital-first economy.

    PYMNTS Intelligence offers the following actionable roadmap for banks and FIs:

    • Implement adaptive and predictive security through deep learning models. Improve fraud detection by incorporating advanced behavioral analytics data into deep learning models. By analyzing vast datasets, these systems provide a dual advantage of strengthening transaction security and tailoring user experiences.
    • Reinforce customer verification processes. Standardize mandated use of multifactor or biometric authentication across all sensitive digital banking activities. Consider augmenting these measures with cutting-edge behavioral biometrics, which analyze unique user interaction patterns, to offer an additional layer of security that blends seamlessly with user experiences.
    • Prepare for post-quantum cryptography. Begin transitioning security architecture to ensure compatibility with the post-quantum cryptographic (PQC) standards recently released by the National Institute of Technology and Standards (NIST). Evaluate interoperability with existing systems, kick-start trial implementations and stay updated with the Cybersecurity and Infrastructure Security Agency’s (CISA’s) PQC initiative. This forward-thinking strategy will help to prepare for future threats and ensure compliance with emerging security standards.
    • Partner with FinTechs. Collaborate with FinTechs to leverage their agility and innovative capacities. These partnerships facilitate the deployment of AI and ML within existing technology stacks, dramatically boosting the efficacy of real-time analytics and decision-making processes. By helping to bridge the gap between traditional banking practices and those expected by modern banking customers, these collaborations can also deliver the level of security demanded by a digital-first consumer base.

    Fraudsters are relentless, driven by purely opportunistic motives. Understanding this empowers banks and FIs to fortify their security architecture — a crucial step for thriving in a market in which trust is as prized as innovation.

    About

    NCR Voyix Corporation (NYSE: VYX) is a leading global provider of digital commerce solutions for the retail, restaurant and digital banking industries. NCR Voyix transforms retail stores, restaurant systems and digital banking experiences with comprehensive, platform-led SaaS and services capabilities. NCR Voyix is headquartered in Atlanta, Georgia, with approximately 16,000 employees in 35 countries across the globe.

    PYMNTS INTELLIGENCE

    PYMNTS Intelligence is a leading global data and analytics platform that uses proprietary data and methods to provide actionable insights on what’s now and what’s next in payments, commerce and the digital economy. Its team of data scientists include leading economists, econometricians, survey experts, financial analysts and marketing scientists with deep experience in the application of data to the issues that define the future of the digital transformation of the global economy. This multilingual team has conducted original data collection and analysis in more than three dozen global markets for some of the world’s leading publicly traded and privately held firms.

    The PYMNTS Intelligence team that produced this Tracker:
    Managing Director: Aitor Ortiz
    Senior Writer: Randall Brown
    Senior Content Editor: Alexandra Redmond
    Content Editor: Joe Ehrbar
    Senior Research Analyst: Augusto Solari


    We are interested in your feedback on this report. If you have questions or comments, or if you would like to subscribe to this report, please email us at feedback@pymnts.com.

    Disclaimer

    The Digital-First Banking Tracker® Series may be updated periodically. While reasonable efforts are made to keep the content accurate and up to date, PYMNTS MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE CORRECTNESS, ACCURACY, COMPLETENESS, ADEQUACY, OR RELIABILITY OF OR THE USE OF OR RESULTS THAT MAY BE GENERATED FROM THE USE OF THE INFORMATION OR THAT THE CONTENT WILL SATISFY YOUR REQUIREMENTS OR EXPECTATIONS. THE CONTENT IS PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. YOU EXPRESSLY AGREE THAT YOUR USE OF THE CONTENT IS AT YOUR SOLE RISK. PYMNTS SHALL HAVE NO LIABILITY FOR ANY INTERRUPTIONS IN THE CONTENT THAT IS PROVIDED AND DISCLAIMS ALL WARRANTIES WITH REGARD TO THE CONTENT, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT AND TITLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES, AND, IN SUCH CASES, THE STATED EXCLUSIONS DO NOT APPLY. PYMNTS RESERVES THE RIGHT AND SHOULD NOT BE LIABLE SHOULD IT EXERCISE ITS RIGHT TO MODIFY, INTERRUPT, OR DISCONTINUE THE AVAILABILITY OF THE CONTENT OR ANY COMPONENT OF IT WITH OR WITHOUT NOTICE.
    PYMNTS SHALL NOT BE LIABLE FOR ANY DAMAGES WHATSOEVER, AND, IN PARTICULAR, SHALL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, OR DAMAGES FOR LOST PROFITS, LOSS OF REVENUE, OR LOSS OF USE, ARISING OUT OF OR RELATED TO THE CONTENT, WHETHER SUCH DAMAGES ARISE IN CONTRACT, NEGLIGENCE, TORT, UNDER STATUTE, IN EQUITY, AT LAW, OR OTHERWISE, EVEN IF PYMNTS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    SOME JURISDICTIONS DO NOT ALLOW FOR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, AND IN SUCH CASES SOME OF THE ABOVE LIMITATIONS DO NOT APPLY. THE ABOVE DISCLAIMERS AND LIMITATIONS ARE PROVIDED BY PYMNTS AND ITS PARENTS, AFFILIATED AND RELATED COMPANIES, CONTRACTORS, AND SPONSORS, AND EACH OF ITS RESPECTIVE DIRECTORS, OFFICERS, MEMBERS, EMPLOYEES, AGENTS, CONTENT COMPONENT PROVIDERS, LICENSORS, AND ADVISERS.
    Components of the content original to and the compilation produced by PYMNTS is the property of PYMNTS and cannot be reproduced without its prior written permission.
    The Digital-First Banking Tracker® Series is a registered trademark of What’s Next Media & Analytics, LLC (“PYMNTS”).