BID® Daily Newsletter
Aug 14, 2023

BID® Daily Newsletter

Aug 14, 2023

The Need for Speed — Safe Speed

Summary: Can a banking app be secure and easy to use at the same time? Experts say yes, via emerging technologies — and a bit of a change in culture. We discuss the importance of balancing security concerns and user friendliness with your digital banking offerings.

The first speed limits in the US were introduced in Connecticut in 1901. The speed for cities was only 12 miles per hour, while the speed limit for rural roads was 15 miles per hour. Although these speeds might seem low, they were more than appropriate for vehicles at the time, as they lacked any safety features for occupants. As cars modernized and protections for passengers such as airbags became more common, it became safer to go faster.
The balance between speed and safety applies to online banking authentication as well. Too many steps could slow down the process and frustrate users, while too much focus on authentication speed means you could be leaving out critical steps in securing your customers’ accounts against the latest cybercrime schemes. A 2022 study by Signicat, a digital identity firm, discovered that 68% of consumers have deserted digital banking product applications because the authentication process was too complex.
When it comes to digital banking, is there such a thing as a safe speed? Can a banking app be secure and user-friendly at the same time, or would a “slicker, smoother, and simpler experience” open the door for exploitation by cybercriminals? According to cybersecurity experts, meeting higher security standards doesn’t have to mean making your customers jump through hoops just to change their passwords.
Striking the Right Balance

What kind of security protocols would customers accept as the least inconvenient? Researchers at Masaryk University in the Czech Republic asked 500 people to try various authentication methods on a smartphone and then rate each method on their ease of use, practicality, and security.
The fingerprint method was perceived as the easiest to use, the most practical, and the most secure, followed by a PIN code. On the other side of the spectrum, the respondents felt that inserting a card into a card reader was more complicated and less practical than using an authentication token. For multifactor authentication (MFA), a fingerprint along with another method, such as a token or an SMS code, was slightly preferred.

The Next Iteration of Authentication
Indeed, biometric authentication and password-less security technologies can help make a banking app more secure and user-friendly at the same time, says Brandon Koeser, a financial services analyst with RSM US. Contextual multi-factor authentication — factoring in geolocation, time of day, and the number and nature of transactions — is the next step. If an app detects an attempted transaction coming from a non-registered device in Asia during the time of day that the user in Boston typically never opens the app, the app’s software can trigger an additional security step such as a token sent by text, for the user to validate the transaction.
“This way, you protect clients when the transaction seems suspicious but don’t create friction for typical connections,” says Mark Sangster, chief of strategy at cybersecurity company Adlumin. “For example, asking for additional authentication, with friendly language that demonstrates the financial institution’s commitment to their safety and value as a customer, can offset any frustration with a second or third step when it comes to banking.”
Merging Security with Ease of Use
If your community financial institution wants to create a user-friendly and safe digital banking experience for your customers, here are three key strategies to help you get started:
  1. Get marketing and compliance on the same page. Developing a safe and speedy banking app takes a cultural change within most financial institutions. Namely, everyone — marketing, IT, business line executives, and compliance officers — needs to be aligned when it comes to providing customers with first-class service. That means for both strong authentication measures and a smooth user experience. The “either/or” mindset must be retired once and for all.
  2. Establish partnerships. Partner with companies that have the know-how to help you streamline your processes, innovate, and scale quickly. 
  3. Invest in a competitive analysis tool. This will help you glean insights about your competitors’ apps and user journeys, so you can improve on what they got right and avoid what they got wrong.
When it comes to digital banking, yes, your customers can have it all: both safety and speed. As long as your institution takes the necessary steps to create a painless authentication process while still valuing the user experience. 
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

Protecting Your Website Domain from Common Cyberattacks
Attacks on Domain Name Systems are rampant and can result in major problems. A compromised domain name can cause myriad headaches for both the company and its customers.
DORA as a Guideline for Heightened Cybersecurity
As European financial institutions prepare to adhere to the EU’s Digital Operational Resilience Act, CFIs may find value in using these rules and regulations to help shape cybersecurity initiatives.