Is the future of digital banking a password-free one? The ways in which banks authenticate their users are evolving at speed thanks to technological developments. Marwan Elnakat, Digital Banking Director for the CISMEA region at Gemalto, tells us what the future holds.
Please enter your password, it says.
It seems like a simple enough task, but with the increasing number of devices we have and accounts we subscribe to, it becomes an onerous request. We’ve all been there. After exhausting a list of half a dozen alphanumeric codes and potentially a security question about what our favourite childhood sport was, we reluctantly reset our password, hoping we will remember it the next time around.
Password fatigue is an all-too-common inconvenience. And beyond a simple annoyance, recent technological advancements mean that traditional passwords are no longer as secure as they once were. Since the advent of the Internet and digital banking, there has been a rapid evolution in the way banks authenticate their users, as more seamless and secure strong authentication methods have been introduced.
Initially, the typical reusable static passwords seemed sufficient to secure and validate online transactions. However, as fraudsters have become more advanced, it has become clear that they are inadequate to maintain secure online payment. Reusable passwords can be easily guessed, stolen or accidentally disclosed.
This issue is particularly significant since each day we hear another story of a data breach resulting in identity fraud or online hacking, highlighting the ever-increasing sophistication of fraudsters. The question is, how can banks increase online security without compromising user convenience?
In a country like the UAE, with some of the highest internet penetration in the world, users expect their banks to be at the forefront of technological innovation to ensure a seamless digital banking experience. As a result, the country has a high level of online banking usage, which is expected to increase over the years. Gemalto recently conducted an e-banking study, which polled 900 global IT and business decision-makers from the banking sector and 11,000 consumers across 14 markets. The study revealed that almost three quarters of UAE consumers use online and mobile banking.
Despite the rise in digital banking in the region, our study also showed that almost half of UAE consumers think that there are security gaps in online banking solutions, and 39% are concerned that using banking applications and websites puts them and their personal information at risk.
As password verification has evolved, one solution to this problem was the introduction of additional verification mechanisms which require the user to present several pieces of evidence to confirm their identity, known as multi-factor authentication. There are several ways this method has been leveraged in order to increase security for end-users. One-time passwords, sent to users either via SMS or through mobile applications, provide an additional layer of protection and verification.
Banks have also looked to dynamic digital signatures which, for example, require users to enter the last four digits of their bank accounts when making a transaction. Still, while these methods do add additional layers of protection, they also add more steps for the end user, which can result in increased password fatigue.
The onus always lies on banks to keep up with the latest technology to safeguard precious customer financial data while offering the most outstanding user experience. That’s precisely why the use of biometric technology is now on the rise in many markets, with governments, regulators and banks looking to build in extra layers of verification and security that are ultra-convenient because they are invisible to the end user.
Behavioural biometric monitoring and analysis, when combined with other techniques like geo-localisation and device profiling, can become a very powerful tool to prevent fraud. Such technologies are now able to confirm a customer’s identity by analysing the unique rhythm of the user when interacting with a web page or mobile device.
It uses measurable data created by user behaviour to verify that the intended individual is using the account. It gathers this data passively during the actions the user is already performing, such as swiping, pressing keys, or entering a PIN code, and compares it to previous sessions.
By leveraging unique behaviour that is second nature to the user, the technology makes that behaviour virtually impossible for fraudsters to emulate. Within seven to 10 sessions, the machine collects enough data and behaviours to create a user profile and is able to evaluate consistency. This technology cuts down on the number of verification checks and authentications needed for the user, which are only triggered when necessary.
For example, if someone makes a high-value transfer from an unusual location, then additional biometric authentication will be requested to validate the transaction, such as fingerprint or facial recognition. However, if, based on the analysed data, the risk level is considered very low, then the user will not have to go through extra authentication measures. As this technology is adopted by banks, they will be able to customise the users’ authentication process based on their individual profiles to provide an optimal customer experience for each digital banking transaction.
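The profile-then-step-up flow described above can be sketched as follows. This is an added example, not code from Gemalto or any bank; the function names, the z-score measure, the risk weights and every threshold except the seven-session minimum are assumptions chosen for illustration.

```python
from statistics import mean, stdev

MIN_SESSIONS = 7     # the article: a profile needs seven to 10 sessions
Z_LIMIT = 2.5        # assumed: mean z-score above this means unfamiliar rhythm
HIGH_VALUE = 10_000  # assumed threshold for a "high-value" transfer

def build_profile(sessions):
    """sessions: equal-length lists of inter-key intervals (ms) from PIN entry."""
    if len(sessions) < MIN_SESSIONS:
        return None  # not enough history to evaluate consistency
    columns = zip(*sessions)
    # Floor the deviation so a very steady typist does not yield huge z-scores.
    return [(mean(c), max(stdev(c), 5.0)) for c in columns]

def rhythm_distance(profile, session):
    """Mean absolute z-score of one session against the stored profile."""
    return mean(abs(x - m) / s for x, (m, s) in zip(session, profile))

def decide(profile, session, *, known_device, usual_location, amount):
    """Return 'allow' or 'step_up' (e.g. fingerprint or facial recognition)."""
    if profile is None or len(session) != len(profile):
        return "step_up"  # no usable baseline: ask for explicit authentication
    risk = 0
    if rhythm_distance(profile, session) > Z_LIMIT:
        risk += 2  # behaviour mismatch alone is enough to step up
    if not known_device:
        risk += 1
    if not usual_location:
        risk += 1
    if amount >= HIGH_VALUE:
        risk += 1
    return "step_up" if risk >= 2 else "allow"

# Constructed sample data: eight enrolment sessions, three intervals each (ms).
ENROLMENT = [
    [182, 240, 205], [175, 251, 198], [190, 236, 210], [180, 245, 202],
    [178, 248, 207], [186, 239, 199], [183, 243, 204], [177, 250, 208],
]
PROFILE = build_profile(ENROLMENT)

if __name__ == "__main__":
    usual = [181, 244, 203]
    print(decide(PROFILE, usual, known_device=True, usual_location=True, amount=50))
    print(decide(PROFILE, usual, known_device=True, usual_location=False, amount=25_000))
    print(decide(PROFILE, [95, 120, 410], known_device=True, usual_location=True, amount=50))
```

A production system would use many more behavioural features and a tuned model; the point here is that a missing or immature profile has to fail towards explicit authentication rather than silently allowing the transaction.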
In a competitive market like the UAE, banks need to be constantly innovating and remain ahead of the technological curve to maintain customer satisfaction and security. The strong popularity of digital banking in the region represents an opportunity for banks to be on the cutting edge of digital security.
By eliminating clunky, difficult-to-remember and increasingly vulnerable combinations of usernames and passwords, banks can open the door to a truly seamless digital customer experience without forcing users to memorise an alphabet soup of passwords and codes.