“Security is always excessive until it’s not enough.” This often-cited quote holds true for any industry, but even more so in the retail banking space.
A security problem can cause a lot of damage to a financial institution, especially if it’s a data breach that leads to nice headlines in the press. Trust in banks has gone south since the financial crisis and combining customer experience with airtight security is key in boosting banks’ reputations. Secure customer experience (sCX) will be the defining factor in deciding the winners and losers in retail banking.
Security has only grown in importance for those in financial services and will looks set to continue. According to market research studies, one out of four malware attacks in 2019 were directed at banks. No other industry suffers that same fate. It is obvious that cybercriminals will target businesses that are money-oriented, of course, and every player in the financial market is taking precautions against security breaches. Recent developments are ensuring that the IT security budgets at banks are growing in importance every year, further depleting the razor-thin margins banks are operating at.
PSD2 and other regulations
For starters, banks are being forced to open up. Regulations such as PSD2 are demanding banks give third-party access to their payment infrastructure and customer data. Doing this offers more choice to customers, opens up the financial market to non-financial players and increases competition. A positive evolution. Yet, the need for exchanging information between applications through Application Programming Interfaces (APIs) creates extra vulnerabilities that need addressing. According to recent research, the percentage of attacks that targeted APIs at financial institutions rose sharply between May and September 2019, at times reaching 75%.
Secondly, retail banks are building ecosystems with IT partners in order to offer customers more services, even non-finance related. Presenting a broad range of services helps drive loyalty in an era where switching from one bank to another is getting simpler by the day. APIs are key in setting up these ecosystems, demanding even more protective measures.
Customers going mobile
Thirdly, there’s the digitization of the way consumers interact with their banks. To a bank’s customer, the advent of smartphone apps that offer a wealth of services seems like the best invention since sliced bread. Digitization had completely changed the relationship between a bank and its customers. How often do you still visit your bank? And how often do you do banking business through your mobile? That ratio has completely flipped over the last decade. Mobile banking was a major step forward in offering a great user experience in the financial world. On the other hand: insecure connections, user sloppiness with credentials, the loss and theft of phones …. even more reasons to step up security.
Customers demanding consistent experiences
Last, and certainly not least, is the demand from customers for a seamless experience. Consumers want ease of use and consistency across different banking channels and across the different journeys they engage in with a bank: onboarding, performing transactions, resolving problems, etc. Consumers want to take the lead in deciding what they do, when and where to do it, and how to deal with data protection. Self-service is the order of the day, and consumers don’t want to conduct business only during opening hours.
It’s clear that Identity and Access Management (IAM) plays a crucial role in marrying data security with user experience, thus allowing of a secure customer experience. Here are some of the capabilities and features to look for in an IAM that offers the best of both worlds, without making your development budget go through the roof:
- Integration of business rules and business logic into the workflows;
- Attribute-Based Access Control (ABAC) to support changing requirements, environment, partners, etc.;
- Prebuilt connectors and templates for fast deployment and short development cycles
- Open platform, easy to customize;
- Centralized policy management;
- Support for Bring your own Authentication (BYOA), single sign-on (SSO), Password-less authentication, Step-up authentication, Biometrics, Social login;
- GDPR compliance, allowing users to give and revoke their own consent for sharing personal data towards applications.
Are these indeed some of the requirements you are looking for? Then let’s have a chat and see how we can work on improving your sCX.