Change is difficult. Why change the status quo if it works and everyone seems comfortable with it? This applies to all aspects of life, and banking security is no exception. However, change is healthy and arguably necessary as the digital world evolves around us. Here are five reasons why you should consider taking a fresh look at your organization’s authentication processes.
PSD2 regulations in Europe dictate that strong authentication must be in place when clients make digital payments. Most financial institutions today provide authentication in the form of SMS one-time passwords or a card reader. These mechanisms no longer hold up against account takeover fraud, are expensive, and above all are inconvenient for users.
Leading authentication solutions incorporate a secure second channel instead. Aside from using the internet-based primary channel, a separate, encrypted channel is created between your organization’s data centers and your users’ mobile devices. This opens up the possibility of using push-based requests and responses to provide a secure and customer-friendly solution for strong authentication.
Today’s authentication methods can be quite expensive: card readers or tokens have to be produced and distributed, while sending text messages adds high variable costs. An authentication method that does not use tokens or SMS will reduce your operating costs considerably.
Account takeover fraud in particular is a major problem for the financial services industry. When accounts are accessed illegally, the immediate financial loss can be significant, but the reputational damage to the organization can last even longer. Using digital certificate technology to manage your customers’ mobile devices will go a long way in combating phishing attacks.
Another reason why organzations are hesitant to change is that authentication solutions tend to be complex to implement and maintain. Fortunately, solutions by third parties are helping to ease this burden. New-generation solutions come with out-of-the-box encryption technologies designed to meet all established and emerging international threat vectors. Broadly recognized by consultancy firms for offering state-of-the-art authentication, these vendors are a much safer bet than an internally built solution.
There is a growing population of digital natives that expect absolute ease of use when operating online. They see no reason why their bank cannot enable them to perform transactions on the go, or why large payments or sensitive transactions are limited when done from a mobile device. And why do they have to carry a special hardware token with them wherever they go?
For these banking customers, a hassle-free user experience boosts their loyalty to the bank, raises their use of lower-cost digital channels, and decreases abandonment rates at checkout.
Pursuing a customer-centric approach to digital banking and payments is vital to the long-term health of the financial services industry, and taking a fresh look at multi-factor authentication is a good place to start.