Increasing levels of sophistication in the tech used by hackers and fraudsters are making it harder for financial institutions to defend themselves. Malware and phishing scams are targeting the industry, with a particular focus on online lending and mobile banking. Not every attack is being thwarted. Banks, lenders and funds are losing money to fraud and it seems only a matter of time before a substantial attack becomes prime time news. When it does, the institution in question may find itself offline for days, suffering costs that reach into the millions and reputational damage that could last a generation.
The risk for financial services companies is twofold. On the one hand, there is the threat of attack itself – on the other, public awareness. Customers know that the wrong people want their data and money. So, they are unlikely to want to bank with any institution that isn’t putting the best security technologies on the frontline.
Financial services bodies must provide high security that doesn’t compromise on the customer experience. People want to bank with ease, but also securely. The need to remember complex passwords and cross a number of security checks can turn convenience into frustration. Which is perhaps why we are seeing financial institutions experimenting with letting customers choose a PIN code made up of emojis. The argument is that Millennial users will find these more intuitive and easy to remember than traditional passcodes.
While the emoji example may seem frivolous, it is an example of the ways that institutions are increasingly looking at more seamless and innovative technologies to facilitate account security. It is a frontier that might start with emojis, but also includes bots and biometric technology.
Biometrics in 2016…
While once seen as a future-gazing technology, biometrics is readily used as a security tool today. Fingerprint recognition went mainstream with the launch of the iPhone 5S, and voice, facial and eye recognition measures are becoming increasingly common methods of security.
To use a recent example, Unisys partnered with BehavioSec to produce a prototype for Nationwide’s mobile banking app that recognises how users hold, type or swipe into their phone – and uses that as an authentication method.
These forms of biometric data are all unique to the individual and difficult for fraudsters to replicate. When used as part of a multifactor authentication process, these biometric measures add a layer of security on top of existing methods to ensure that only the customer in question can gain access to his or her account.
However, the problem for financial services companies is that the risk factor of introducing biometrics can be much higher. The regulatory landscape is quickly catching up with these innovations and ensuring that these authentication methods are compliant will become more complex. The revised Directive on Payment Services (PSD2) and the General Data Protection Regulation (GDPR) both introduce measures to govern the biometric data that institutions store on their customers – and the harsh penalties involved if this data is misused.
Institutions must also consider that biometric data, such as fingerprints, can be replicated – if the hacker in question has the right technology and determination. Thus the biometric and bot tech that financial bodies use not only has to be sophisticated, but also has to be sufficiently more sophisticated than whatever the fraudsters are using at the same time. It will not be enough to think that fingerprints will do the job, then to allow the end user to get on with it. Instead, banks must look at emerging tech and consider how it can contribute to the security solutions they are duty-bound to provide.
…and biometrics in 2026
The next generation of authentication methods will be driven by biometric pioneers, who are currently looking to make retinal and iris identification standard, and are moving forward with heartbeat, voice, gait and even typing rhythm recognition. All are so personalised to the user that they all but guarantee safety and encryption.
These can be augmented with behavioural data such as user location data. So if a login attempt is made outside the regular location of the customer (for example, not at home or the office), institutions can flag this as suspect. Or if an access attempt is made at a time when the customer is not normally active (say, at three in the morning on a weekday), then banks can have the confidence to intercept and challenge it.
But what about the impact of these technologies on the services users receive?
Future financial technology cannot be all about fraud prevention. It will also have to give users a better experience and save money in real-term cost efficiencies.
Taking that lead, RBS is currently in the process of introducing an AI solution called Luvo to answer customer calls. Luvo is programmed to mimic human empathy and is very much the first step on a path towards more automation and AI in the sector. Naturally, there may be a risk of a disconnect between the bank and its customers, but the cost-saving rewards are too pronounced to be ignored. The key for RBS will be to get Luvo working alongside its security measures, arriving at a sweet spot of better service and better encryption.
Service and reward
The journey into future technology for financial services doesn’t have a firm stop. Instead, it is a constantly evolving and moving thing, with new products and ideas redefining it all the time. And customers know that.
As such, the onus is on banks and lenders to offer their consumers tech that improves service and gives them peace of mind. The challenge for every institution is to begin the push towards biometrics and bots today, becoming financial market leaders rather than followers.
What tech will make the difference in financial services in the next decade?