Regulations and requirements aimed at making retail banks more secure are driving customers away, according to Aarti Samani, SVP of product and marketing at iProov.
A report by IPSOS Mori showed that on average, two-thirds of customers are unsatisfied with their bank in the UK, something that Samani blames on the cumbersome security experience, in particular the use of complex passwords and one-time-passwords (OTPs).
“It started with simple passwords, then complex passwords, then one-time passwords, or OTPs, then two-factor authentication,” she says. “Logging into my bank account has become very inconvenient for me as a customer. It’s a pain to have to wait for my OTP to arrive, I might not have my phone with me, I might not have my hardware token with me. This results in high levels of frustration, my negative score to the bank is very high, and the bank’s Net Promoter Score suffers.”
Aside from the considerable customer dissatisfaction passwords can cause, Samani also believes they pose both a considerable financial cost and a significant security risk.
“The security revolves around something I know (a shared secret like password) or something I have (like possession of a device). The problem is that passwords can be shared or stolen and devices can be compromised.” This information sharing, or secret sharing, is problematic for banks as they know it isn’t very secure. Tests by Which? magazine found that in the UK, some banks don’t even have two-factor authentication, while others still accept weak passwords like ‘password1’.
“For the bank, their reputation is at a huge risk because they know that passwords and OTPs are broken and can be spoofed at any time,” Samani says.
Banks are aware of this though and so spend considerable time and money making sure that if something goes wrong, a customer can regain access to their account and funds. But that adds a financial problem, according to Samani.
“The cost of resetting and maintaining passwords is shooting through the roof. Think about the number of times you forget your password, or your mother forgets the name of her first pet, then you have to contact the bank’s call centre or you have to go through the long online process to reset the password, which requires you to receive an OTP, and the hassle that goes with that.”
The Financial Times reported that cyber-attacks on financial services firms had increased fivefold in 2018 and was costing banks hundreds of thousands of pounds to repair systems alone, while fines and actual sums stolen bring costs of poor cybersecurity into the millions.
“The cost of resetting passwords, of the help desk personnel involved and other operational overheads is huge. And the banks are not benefiting from it, there is no ROI – these are just sunk costs,” Samani adds.
The rise of the challenger
Traditional banks face challenges on a number of fronts. Perhaps the most acute threat is that of the so-called ‘challenger banks’. The likes of Monzo, Revolut and Starling Bank are capitalising on traditional banks’ slow digitisation, sweeping up millions of customers along the way each year. Monzo for example, has over three million customers in the UK alone.
“Long-established retail banks are up against digitally advanced competition, who are taking their market share and do not have the same overheads that the traditional banks do. And, because they are digitised, they are then able to meet with the compliance and the regulatory requirements much faster than their counterparts, who have a lot of bureaucracy and legacy systems to deal with.”
These factors, of security threats, customer experience problems, competition from challenger banks and rising costs mean that for Samani, banks have no option but to act fast.
“They have to do something different. They have to digitise more services, faster. They have to be more secure while at the same time being more user friendly, otherwise it will be difficult to survive and remain profitable,” she says.
Biometric authentication solution
Samani says the only solution to these threats is biometric authentication technology. It works by utilising the unique biometric characteristics of an individual to verify that they are who they claim to be and are therefore authorised to access a bank account.
Not only is it cost efficient, but biometric authentication can help rebuild the relationship between customers and banks through ease of use and added security, says Samani.
“Retail banks are already struggling with rising costs and eroding market share, this has an impact on the overall profitability. Operating in such environmental factors, you have to do something dramatically different in order to protect yourself and continue in business. Digitisation is the way forward, and the way to protect yourself in the digitising process is by using biometric authentication solutions that determine the genuine presence of the user.”
For iProov, the validation comes from the rigorous testing already employed by customers which include banks like ING and Rabobanks, the National Health Service (NHS) in the UK and The Department of Homeland Security (DHS) in the US.
“The DHS tested us and put us through several hundred different types of spoof attacks to make sure that we could respond successfully to each one of those,” Samani says.
What’s more, iProov’s solution is cloud-based which allows it to be adaptable as threats evolve over time.
“In our opinion, there is no option but to have cloud-based authentication – it allows us to observe emerging trends in spoof attacks and apply machine learning to adapt our security to these threats.” Samani says.