By Mark Crichton, Senior Director of Security Product Management at OneSpan
When the pandemic struck, the entire financial services industry had to move quickly to make sure digital platforms had the capability to service customers remotely. Technology plans that had been strategized at the beginning of the year went out the window. Teams began to prioritize providing customers with a fully digitized and seamless experience that enables customers to conduct all banking activities remotely.
However, in the rush to digitize, it’s all too easy to overlook certain security concerns and issues. This presents the potential risk of security holes being left behind for cybercriminals to exploit. Fraudsters could potentially uncover numerous entry points into a bank’s or financial institution’s (FIs) network. For example, in the first month of the pandemic over £800,000 was lost due to fraud, which overall has risen by 33% since the pandemic began.
In order to prioritize digitization efforts and offer customers the best user experience that doesn’t compromise on security, there are a few steps banks need to follow.
- Become a digital first organization
Not many will argue that this year has without a doubt been one of the most disruptive on record for financial services. Banks have had little to no choice about whether to digitize their products and services. Before the pandemic, banks and FIs were already making great leaps in this area, however the processes involved are extremely complex to digitize in their entirety. Whether it’s processes for loans or a new mortgage, many have remained manual and paper-based. Fortunately, modern technology is enabling banks and FIs to streamline these difficult processes and therefore offer fully digital banking services.
Digital channels have become a major new revenue stream that banks can take advantage of. Indeed, over the course of the pandemic, they have been the only way to interact with customers for many organizations. As account opening and onboarding processes are critical to supporting digital channel growth, these should be the first things to automate and secure.
Furthermore, it’s important that banks and FIs look towards cloud-based platforms and security solutions, as this will allow their backend infrastructures to become more agile and nimble. A major benefit of cloud platforms is that they allow FIs to respond to ever-changing customer needs and adjust to security threats quicker.
- Rethink the customer journey
Since customer journeys have become almost exclusively digital this year, they need to be rethought. Customers are becoming more unforgiving when they experience friction on digital platforms, yet they still demand to be able to conduct all of their banking activity digitally. So in order to satisfy customer needs, technologies must be put in place to accomplish this remotely.
A key juncture in the customer journey is remote account opening. This has to be entirely seamless to reduce the rate of abandonment during the joining process. However, it still needs to be secure and capable of accurately identifying that a customer is who they say they are. Some banks are still using legacy technologies to conduct these processes, often with siloed tools. Integrating a single digital platform will help banks create a frictionless customer experience and provide better insights into where customers are in the journey, what products and services they’re interacting with, and how secure those areas are.
- Change how we look at risk
After satisfying the two previous steps, banks need to reconsider the risks that they and their customers face online on a daily basis. This step needs to be considered with the utmost due diligence. If not thought through in its entirety, digital users and platforms will be left vulnerable. Fraud and other cyber threats are a major issue that banks face in an everchanging landscape. As a digital first organization, carrying out regular and comprehensive assessments of the risks they’re likely to come up against offers banks the greatest chance at stopping fraud in its tracks.
In order to do this, banks and FIs need to take a strong stance on risk. They must determine what level of risk they are willing to accept during times of heightened threat. By establishing what level is acceptable and deploying a multi-layered approach to security, banks and FIs will be able to mitigate the risk of fraud.
A multi-layered approach should include technologies such as behavioral biometrics and real-time risk analysis to be able to constantly monitor banking activity to help prevent the likes of account takeover attacks.
- Secure the mobile channel
Each digital channel is unique and comes with its own exclusive security issues. In terms of the mobile channel specifically, banks need to take a zero-trust approach to security. Customer devices should be seen as potentially hostile environments, as they could easily be jailbroken or have malicious software unknowingly installed. Banks can’t trust that each mobile device is secure, so they should actively seek to secure their code and apps on the customer’s side.
To be confident that their mobile applications are safe from the many digital threats, banks and FIs must incorporate mobile application shielding. This way, even if the device has been compromised in some way, the applications themselves will remain protected.
- Real-time risk analysis using AI and machine learning
Many of today’s successful cyberattacks use machine-like actions that work in a similar way each time. Artificial intelligence (AI) has the tremendous capability to autonomously monitor patterns and behavior in account activity across multiple digital channels, which helps to identify any suspicious activity as it happens.
AI and machine learning are enabling banks to spot any malicious activity quicker than any human – or team of humans – could, helping to reduce the damaging impact of these attacks. The technology allows banks to have much greater visibility into the security of their digital platforms to proactively mitigate attacks instead of reacting when it’s too late. It can also help organizations meet regulatory requirements and improve the customer experience.
Over the last couple of years, we’ve seen the financial industry grow evermore competitive with the emergence of digital-only banks. Now, due to the pandemic, traditional banks urgently need to digitize their services, products and all the process that go along with them. This has also unfortunately spawned new threats into the digital landscape as more banks and customers go digital.
Needless to say, this ongoing digitization requires security to be given the utmost consideration, as it’s simply not something that banks can afford to overlook. As digital platforms become the norm in financial services, implementing these steps will put banks in the best position to drive customer satisfaction and growth in the future.