Posted: 1 March 2013 | Author: Shane Murray | Source: Chartis Research
Why do people place their money with banks? Why not just keep their savings in a shoebox or under the mattress? The answer has been, and always will be, security.
Banks provide their depositors with peace of mind. Of course, as with all economic decisions, a trade-off is required for this protection, and not only in the form of bank charges. Protection is traded for convenience. Your money might harder to steal if it’s in a Swiss vault, but it’s also considerably more difficult to access.
As well as no longer having your money literally to hand, your bank will, in one way or another, create barriers to keep your money safe from fraudsters, while making it inconvenient for you to withdraw it. As a result, convenience and security are both essential attributes for a bank, but are also at odds with one another.
However, over the past decade, the concepts of security and customer satisfaction have shifted, largely due to the rise of mobile technology and the internet. Consumers, accustomed to on-demand information and services, want banks to give them similar capabilities for online purchasing and account access.
At the same time, however, internet and mobile banking channels offer new and better targets for fraudsters. Banks face a much higher volume and range of attacks, including an increased rate of cross-channel attacks. Account takeover is now a major concern.
While banks have reacted to these threats by employing technology solutions and creating authentication barriers, these security measures have frustrated customers. Some customers may find the identification tests too taxing or irritating and quit the bank for another with laxer online security.
Banks are often told that a balance needs to be struck between anti-fraud measures and the customer experience. However, this is not strictly true. While security and customer convenience do need to be balanced, they are actually both factors that affect the customer experience.
Instead, banks must choose between the relatively short-term costs of irritating the customer with over-rigorous anti-fraud measures and the long-term cost of an embarrassing failure to protect the customers (and the bank) and their assets. To strike this balance, it may be necessary for banks to invest in anti-fraud technologies that do not focus on authentication barriers, but instead focus on post-log-in detection and prevention of fraud.
This has a number of advantages. It makes the online and mobile process more convenient for the customer and, more importantly, focuses anti-fraud resources on the area the bank has control. Anti-fraud technologies that focus on authentication techniques rely too heavily on the customer and remain vulnerable to user or device compromise and man-in-the-middle or man-in-the-browser attacks.
By contrast, session and account monitoring can focus on detecting malware, use navigation analysis, and check for unusual activities to detect and prevent attacks in real time. Combined with less obstructive authentication techniques, this can improve security and customer convenience, improving the customer experience as a whole.