As the pandemic hit and lockdowns were issued, banks and financial institutions (FIs) had to scramble to digitise their services to still cater for customers remotely. Previous technology plans had to be put to the side to allow teams to create platforms that provide a fully digital and seamless user experience for customers allowing them to conduct their banking from home, writes Mark Crichton, pictured, Senior Director of Security Product Management at digital authentication product company OneSpan.
However, with the new direction in building and enhancing digital customer journeys, banks may have, in their rush to digitalize, may have left behind security holes now leaving customers vulnerable. The shift to digital platforms hasn’t left the opportunity for cybercriminals scarce. The number of entry points into a bank or FI’s network has only increased. Over the course of the pandemic lockdown we saw fraud rise by a-third and over £800,000 was lost in the first month alone to coronavirus related scams. The following steps will give banks the guidance they need now to offer their customers the best user experience, that doesn’t compromise on security.
Step one – Prioritizing digitization
2020 has undoubtedly been the most disruptive year in recent memory and for banks, they’ve had little choice but to accelerate their digital transformation efforts. Even before the pandemic struck, many banks and FIs were making great leaps in this area. The finance industry has many complex processes, from mortgages to loan agreements, which for the most part have remained manual paper-based processes. Technology is allowing banks to streamline these processes and enable them to do so from remote working environments.
Automating and securing account opening and on-boarding processes with new technologies is a big first step to support digital channel growth. This channel represents a new revenue stream that banks and FIs can tap into, often surpassing the costs associated with automation technologies. In the thick of the pandemic, the digital channel is sometimes the only channel available to some institutions.
Another important component to prioritizing digital transformation efforts across the organization is adopting cloud-based platforms and security solutions for their back-end infrastructure, will allow them to become more agile and nimble. Cloud-based platforms also allow them to respond faster to changing customer needs but also respond and react to fast-changing security threats.
Step two – Rethinking customer journeys
The customer journey has gone entirely digital and needs to be reconsidered by banks and FIs. Customers are increasingly unforgiving to any type of friction they experience in their digital customer journey and now expect to be able to conduct all their banking activity online. Banks need to have the technologies in place to be able to service customers’ needs remotely – from setting up new bank accounts to applying for a mortgage, customers demand fully seamless and digital experiences.
Remote account opening is a critical point in a customer’s journey. It needs to be frictionless to avoid them abandoning the joining process, but the process still needs to be secure and able to verify a customer is who they say they are. Several banks are still using legacy technology solutions for these processes, with siloed tools. Establishing a single platform can allow banks to create a user-friendly experience and further help them to understand where in the journey customers are, what products and services they’re interacting with, and how secure those areas are.
Step three – Reassessing risk
Following completion of the first two steps, banks need to then gauge what risks are facing their customers, the bank itself and its digital platforms. Often this step can be overlooked or not conducted thoroughly enough, however, when you’re now a digital-first organisation, there’s a number of cyber threats to consider. Fraud is a major, ever-changing threat banks face, so regular assessment of their risks provides banks the best course of action to stopping fraud in its tracks.
Banks and FIs need to establish a firm stance on risk, fraud and the level that they’re willing to accept in times of heightened risk. Once this has been done, banks must look to secure their different channels and implement a multi-layered approach to security. Banks can mitigate the risk of fraud with technologies such as behavioural biometrics and real-time risk analysis that constantly monitor online and mobile banking sessions can help prevent fraud such as account takeover attacks.
Step four – Securing the mobile channel
Every digital channel that a bank or FI operates on has its own security concerns. Looking at the mobile channel, the different platforms and operating systems are not always secure since customers could be using a jailbroken phone or have malicious malware installed on their device. This can create wider security issues for the bank’s network. The mobile channel is a potentially hostile environment and banks can’t rely on customers to keep mobile apps secure. Therefore, banks and FIs must actively seek to secure their code and app on the customer’s side.
In order to harden security of these mobile applications, banks should deploy mobile application shielding and this way they can be confident about the security of their applications even on a customer’s insecure mobile device.
Step five – Using AI and machine learning for real-time risk analytics
AI is being deployed by banks to automatically monitor patterns and behavior to identify any suspicious activity much quicker than any human could. Many attacks use machine or bot-like actions which work in a similar manner each time. AI and machine learning allow the bank to identify threats in real-time before an attack can devastate their network. It provides stringent security and instant visibility across their mobile platforms that halt fraud and other types other cyberattacks as they happen.
Digital-only challenger banks, like Monzo and Starling, have created a very competitive market for traditional banks. Meanwhile, the pandemic has compelled traditional banks to digitalize their services. in turn, spawning growth to the digital threat landscape, and customers demanding fully digital and seamless customer experiences. The banks that lag behind digitalizing their services risk losing current and potential customers.
Nevertheless, when digitalizing services, banks and FIs cannot overlook security. Customer journeys need to be fully assessed in terms of risk, mobile app security and leveraging new technologies such as AI and machine learning. These steps set out above will give traditional banks the digital approach they need to reap the rewards.
