Last year in the U.S., over 500 million financial records were hacked and over half of the U.S. adult population had their data stolen. "We're in a day when a person can commit about 15,000 bank robberies sitting in their basement," said Robert Anderson, executive assistant director of the FBI's Criminal Cyber Response and Services Branch. Data breaches are occurring at banks, on the web, in consumer brand databases, and deep within government databases. As the barrage of attacks on consumers continues to grow, banks are stepping in and improving their security measures. But will these measures provide enough security to keep customers safe and happy?
A recent Accenture report claims that “in North America, 86 percent of consumers trust their bank over all other institutions to securely manage their personal data…however…nearly 80 percent of bankers strongly agree that they are exposed to more risks than they are equipped to handle as a digital business.” What does this mean for banks looking to improve revenues? They must identify and eliminate every potential security risk and deliver highly secure mobile, online, and physical customer experiences. Even one small data breach could destroy transactional trust and cause customers to bank elsewhere.
Transactional trust is different from trust in bank brands. Customer trust in bank brands has suffered immensely since the financial crisis. Customers simply do not trust banks to act ethically and responsibly en masse. However, when it comes to bank transactional trust, consumers fully expect security, ethical action, and competence. PwC reports that “customer relationship primacy is the new source of value in banking…driving increased share of wallet leading to higher revenue generation from the customer pool.” Simply put, if banks want to increase revenue and market share, they must strengthen transactional trust by improving security.
Physical, Mobile and Online Banking Threats
Data security threats come in many forms, both physical and digital.
Mobile devices contain significant amounts of user data including account passwords, location data, interests and hobbies, photos, credit card details, contact details, chat and call logs, and calendar events. Physical threats are difficult to protect against; however, steps can be taken to lock down a device that has been lost or stolen. This report from Deloitte shows how effective data scraping/theft/recovery from a locked or unlocked device can be.
ATMs, kiosks, and payment points also present physical risks. Information can be copied or intercepted during swipes and transmissions. Residual heat signatures left by fingers on ATM keypads and touchscreens can be read and lifted after a transaction.
The wealth of information available via mobile, cloud, on social media platforms, and consumer tracking services is staggering. Malware attacks, phishing schemes, and man-in-the-middle scams can easily score account information, passcodes, personal identifiers, and transaction information from payment processors, merchants, consumer brands, marketing companies, and financial institutions.
Trust and User Experience are the Keys To Customer Happiness
“Mobile banking is an environment. It’s an experience,” says Jason Falls, SVP of Digital Strategy at Elasticity. Banks have started to realize that they must design attractive user interfaces and experiences, while at the same time building trust by delivering security in all actions and transactions. Recently, Bank of America announced a redesign of its mobile app, which included a new Spanish-language feature, credit card awards, and credit scores for their 20 million active mobile users. While UI/UX improvements are making great strides, they are also providing a pathway to entirely new data sets stored on mobile and online platforms. To combat these threats (and the threats listed above), banks are launching new mobile app and online security features to try and stay ahead of the criminals. Here are a few of the most recent breakthroughs…
Trust Building Technology Basics and Breakthroughs
Wells Fargo recently launched “Mobile Wallet” which essentially allows customers to use their mobile device (with appropriately stored credit card and debit card information) to make payments at mobile payment spots. Wells Fargo credit cards, debit cards, and prepaid cards all come with 24/7 fraud monitoring and zero liability protection, which means that customers aren't responsible for unauthorized transactions. Fraud monitoring and liability protection come standard on most credit cards and large-scale banking products today and remain a necessary security staple that customers have come to expect.
Biometrics for Mobile Devices
Biometric authentication scans a user’s body part or multiple parts of a user’s body (such as fingerprints, voice, face, eyeballs, etc.) to identify and authenticate login. Biometric authentication (proving a user is who they say they are) and identification have significantly improved over the last few years. Biometric security protocols allow users to transact seamlessly on a device and platform, relieving customers of the need to remember passwords and PINs. As a common example, most large banking institution apps utilize the Apple iPhone fingerprint reader to authenticate mobile login.
In addition to device-based biometric scanners, MasterCard and Zwipe have developed a payment card with a built-in fingerprint authentication sensor. Barclays has been using voice authentication since 2013. Nuance Communications has deployed voice recognition technology in several large-scale bank call center environments and uses more than 100 unique identifiers to identify a speaker.
Behavior Based Biometrics
Tracking body parts provides a greater level of security than a PIN code, but the next frontier of biometrics may be in user action and behavior tracking. In-device accelerometers and sophisticated movement and action tracking software can now authenticate users via their typing patterns, pauses in typing, walking patterns, and click-through behavior. This matching software also tracks and matches device geolocation data, helping authenticate users by tracking travel and location visitation history.
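To make the typing-pattern idea concrete, here is an added example (not from this article or from any bank's product) that enrolls a user from repeated typings of one phrase and scores a new attempt against that profile. The feature set (key hold time and pause between keys), the scaled Manhattan distance, the 2.0 threshold, and all timings are assumptions constructed for illustration.

```python
from statistics import mean, stdev

def features(events):
    """events: list of (key, press_ms, release_ms) in typing order.
    Returns hold times per key, then pauses between consecutive keys."""
    dwell = [release - press for _, press, release in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Build a per-feature (mean, std) profile from repeated typings."""
    vectors = [features(s) for s in samples]
    # Floor the std at 1 ms so a very consistent typist cannot cause a
    # division by zero or an exploding score.
    return [(mean(col), max(stdev(col), 1.0)) for col in zip(*vectors)]

def score(profile, events):
    """Scaled Manhattan distance: mean absolute z-score over all features."""
    vec = features(events)
    if len(vec) != len(profile):
        raise ValueError("sample does not match the enrolled phrase length")
    return sum(abs(v - m) / s for v, (m, s) in zip(vec, profile)) / len(vec)

def verify(profile, events, threshold=2.0):
    """Accept when the attempt is within `threshold` (assumed value)."""
    return score(profile, events) <= threshold

def typing(dwells, flights, keys="pin1"):
    """Build constructed key events from hold times and pauses (ms)."""
    events, t = [], 0
    for i, key in enumerate(keys):
        events.append((key, t, t + dwells[i]))
        t += dwells[i] + (flights[i] if i < len(flights) else 0)
    return events

# Constructed enrollment: the same user typing the phrase four times.
PROFILE = enroll([
    typing([95, 110, 88, 102], [140, 210, 130]),
    typing([100, 105, 92, 98], [150, 200, 125]),
    typing([92, 115, 85, 105], [135, 220, 138]),
    typing([98, 108, 90, 100], [145, 205, 128]),
])
GENUINE = typing([97, 109, 89, 101], [142, 208, 131])   # same rhythm
IMPOSTOR = typing([60, 70, 65, 62], [300, 90, 310])     # right keys, wrong rhythm

if __name__ == "__main__":
    for name, attempt in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, round(score(PROFILE, attempt), 2), verify(PROFILE, attempt))
```

The impostor types the correct characters and is still rejected, which is the property that lets behavioral signals back up a stolen PIN or password; the threshold trades false rejections of the real user against false acceptances.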
The R3 Consortium and the Future of Data Security and Integrity
All of the innovations mentioned above currently provide bank customers enhanced security. But what does the future of data security look like? The R3 banking consortium is focused on building a future of intelligent cryptographic technology applications and distributed ledger-based protocols. We’ve covered blockchain innovations extensively in past posts, but it should be noted that R3 and other distributed ledger innovators are supplanting the need for trusted third-party institutions altogether by providing verifiable and distributed data to the network. Essentially, data integrity will minimize the need for data security. Entries made on the blockchain are double key encrypted and are immutable (can never be changed). These measures help to keep certain data private, while publicly and permanently recording any illicit transactions. While a full bank system grade ledger is not yet operational amongst the big banks, keep an eye out for non-currency based blockchain innovations that could disrupt the idea of data security altogether.