By Eric Crabtree
Not surprisingly, cybersecurity always ranks high on the list of chief concerns that cause bank CIOs to lose sleep at night. That’s because increasing levels of sophistication in the tech used by hackers and fraudsters is making it harder for financial institutions to defend themselves.
New types of malware and phishing scams are targeting the industry, in parallel with the industry shift towards on online lending and mobile banking. And unfortunately, not every attack is being thwarted.
Even if not well-publicized, banks, lenders and funds are losing money to fraud and it seems only a matter of time before a more substantial attack becomes prime time news. When it does, the institution in question may find themselves offline for days, suffering costs that reach into the millions and reputational damage that could last a generation.
The risk for financial services companies is twofold. On the one hand, there is the threat of attack itself – on the other, public awareness. Customers know that the wrong people want their data and money. So, they are unlikely to want to bank with any institution that isn’t putting the best security technologies on the frontline.
Financial services bodies must provide high security that doesn’t compromise on the customer experience. People want to bank with ease, but also securely. The need to remember complex passwords and cross a number of security checks can turn convenience into frustration. Which is perhaps why we are seeing financial institutions experimenting with letting customers choose a PIN code made up of emojis. The argument is that millennial users will find these more intuitive and easy to remember than traditional passcodes.
While the emoji example may seem frivolous, it is an example of the ways that institutions are increasingly looking at more seamless and innovative technologies to facilitate account security. It is a frontier that might start with emojis, but also includes bots and biometric technology.
Biometrics in 2016
While once seen as a future-gazing technology, biometrics is today readily used as a security tool. Fingerprint recognition went mainstream with the launch of the iPhone 5S, and voice, facial and eye recognition measures are becoming increasingly common methods of security.
These forms of biometric data are all unique to the individual and difficult for fraudsters to replicate. When used as part of a multifactor authentication process, these biometric measures add a layer of security on top of existing methods to ensure that only the customer in question can gain access to his or her account.
However, the problem for financial services companies is that the risk factor of introducing biometrics can be much higher. The regulatory landscape is quickly catching up with these innovations and ensuring that these authentication methods are compliant will become more complex.
Institutions must also consider that biometric data, such as fingerprints, are possible to replicate – if the hacker in question has the right technology and determination. Thus the biometric and bot tech financial institutions use not only has to be sophisticated, it has to be sufficiently more sophisticated than whatever the fraudsters are using at the same time. It will not be enough to think that fingerprints will do the job, then to allow the end user to get on with it. Instead, banks must look at emerging tech and consider how it can contribute to the security solutions they are duty-bound to provide.
Biometrics in 2026
The next generation of authentication methods will be driven by biometric pioneers, who are currently looking to make retinal and iris identification standard, and are moving forward with heartbeat, voice, gait and even typing rhythm recognition. All are so personalized to the user that they all but guarantee safety and encryption.
These can be augmented with behavioral data such as user location data. So if a login attempt is made outside the regular location of the customer (for example, not at home or the office) then institutions can flag this as suspect. Or if an access attempt is made at a time when the customer is not normally active (say, at three in the morning on a weekday), then banks can have the confidence to intercept and challenge it.
But what about the impact of these technologies on the services users receive?
Future financial technology cannot be all about fraud prevention. It will also have to give users a better experience and save money in real-term cost efficiencies.
To that end, while important, technology models don’t work without a proper business model in place as well. That is, the key to success, or at least remaining competitive, will be to ensure that you are taking efforts to develop and implement new models to improve the customer’s user experience, all with the assurance that their account is being managed securely.
Service and Reward
The journey into future technology for financial services doesn’t have a firm stop. Instead, it is a constantly evolving and moving thing, with new products and ideas redefining it all the time. And customers know that.
As such, the onus is on banks and lenders to offer their consumers tech that improves service and gives them peace of mind. The challenge for every institution is to begin the push towards biometrics and bots today, becoming financial market leaders, rather than followers.
Note: Eric Crabtree is a Vice President and Head of Unisys Financial Services for Blue Bell-based Unisys Corporation. He can be reached at firstname.lastname@example.org.