Financial service firms need to protect customer information not only because they are entrusted with a customer’s personally identifiable information (PII), but also because a breach of that trust can mean more than the loss of that PII. It can mean a loss of assets in a financial account, a loss of trust from that customer and from other current and potential customers, and stiff regulatory fines. But “perfect” security would mean no transactions at all, and so no financial services business. Even extremely tight security can impede transactions and the customer experience (CX). The two need to be balanced.
In the recent Information Media Security Group/Appgate 2021 Faces of Fraud survey, 69% of respondents said CX was the greatest priority facing their financial institutions today. Thirty-one percent said fraud prevention was the greatest priority.
Below are a couple of best practices to help financial institutions balance fraud prevention with the need for great customer experiences.
Know Your Customers
Financial institutions need to adhere to Know Your Customer (KYC) rules: “Every member shall use reasonable diligence, in regard to the opening and maintenance of every account, to know (and retain) the essential facts concerning every customer and concerning the authority of each person acting on behalf of such customer.”
This includes doing things like verifying a customer’s identity when opening an account, monitoring transactions (particularly ones exceeding $10,000), etc.
By going further to know a customer’s typical transactions, preferred channels, etc., a financial institution can provide better CX while also reducing fraud (i.e., flagging out-of-band transactions), said Christopher Schnieper, LexisNexis Risk Solutions director of fraud and identity.
“There is no question that customers today are becoming more digital. Customers are, however, interested in not just a convenient experience, but one that is safe and does not expose them to fraudsters and malicious activity,” Schnieper said. “In today’s hyper-competitive and digital-first landscape, the ability to provide a better customer experience is becoming the competitive differentiator across all industries. Consumers do not view the brands they do business with as a separate set of access channels. They demand a holistic experience.”
The only way organizations can deliver a consistent consumer experience is by having the most current and complete insights about the consumer's preferences, interactions and behaviors, Schnieper added. For example, a consumer accesses an account with the same device multiple times in a short time period for a low-risk transaction like an account balance inquiry. The organization fails to understand that this consumer is a legitimate client, resulting in repeated security checks each time to validate the customer. Frustrated, the customer abandons the retailer and will avoid this retailer in the future since the transaction risk does not align with the imposed level of friction. The only way an organization can balance convenience and safety is to have a unified view of customer data for a complete view of an identity.
Personalizing Customer Experience
Personalizing CX should be a dynamic process organizations undertake for each client interaction, Schnieper said. Financial institutions can do this by combining internal data, such as customer preferences, commonly used channels and device profile, with external data, such as identity verification, mobile device risk signals and others. The combination of internal and external data can inform the type of interaction the client should have with the organization.
“If the transaction is low risk and does not require much or any interaction, the customer can transact quickly and easily,” Schnieper said. “Additional friction is warranted if the transaction is new and/or may pose some risk to the business or customer. Institutions that incorporate feedback data to manage CX so that it provides a sufficient level of safety while still being convenient (responding to an authentication request in the same mobile app) receive a clear competitive advantage. The consumer realizes they have established trust in the organization which makes them more likely to return.”
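The risk-aligned friction described above can be sketched as a scoring function over internal and external signals. This is an added example, not code from the article or from any vendor named in it; the signal names, weights and thresholds are illustrative assumptions.

```python
from dataclasses import dataclass

# Signal names, weights and thresholds are illustrative assumptions,
# not values from the article or from any vendor product.
@dataclass
class Signals:
    action: str              # "balance_inquiry", "transfer" or "add_payee"
    known_device: bool       # internal: device seen on this account before
    usual_channel: bool      # internal: channel the customer commonly uses
    recent_ok_sessions: int  # internal: successful sessions on this device in the last hour
    identity_verified: bool  # external: identity verification result
    device_risk: float       # external: mobile device risk signal, 0.0 (clean) to 1.0
    amount: float = 0.0

ACTION_RISK = {"balance_inquiry": 0, "transfer": 15, "add_payee": 30}

def risk_score(s: Signals) -> int:
    score = ACTION_RISK.get(s.action, 40)   # unknown actions are treated as risky
    score += 0 if s.known_device else 30
    score += 0 if s.usual_channel else 10
    score += 0 if s.identity_verified else 20
    score += round(s.device_risk * 30)
    if s.amount > 10_000:                   # transactions exceeding $10,000 get extra weight
        score += 20
    if s.known_device:                      # repeated good sessions lower risk, capped at 3
        score -= 5 * min(s.recent_ok_sessions, 3)
    return max(score, 0)

def decide(s: Signals) -> str:
    score = risk_score(s)
    if score < 20:
        return "allow"             # low risk: no added friction
    if score < 60:
        return "step_up_in_app"    # authentication request in the same mobile app
    return "manual_review"         # high risk: hold for review

if __name__ == "__main__":
    # Constructed sample interactions
    repeat_inquiry = Signals("balance_inquiry", True, True, 4, True, 0.1)
    large_transfer = Signals("transfer", True, True, 0, True, 0.1, amount=12_000)
    new_device_payee = Signals("add_payee", False, True, 0, True, 0.8)
    for s in (repeat_inquiry, large_transfer, new_device_payee):
        print(s.action, risk_score(s), decide(s))
```

The repeated balance inquiry from a known device passes without a challenge, while the large transfer and the new-device payee change draw progressively more friction.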
Keep Security in the Background
Transparency is key, said Bryan Jardine, Appgate director of fraud prevention products. “Customers don’t want to be victims of fraud; they also don’t want their online banking abilities hampered by anti-fraud controls. Rather they want ‘no effort’ authentication methods. They don’t care if it happens in the background, they don’t want to interact with it. The solution is behavioral biometrics. People who are used to unlocking their phone with the swipe of their finger or by facial recognition want the same experience when banking online.”
“As banks and fintechs innovate to adapt to increasing consumer demands for strong CX in financial services, passwords are out, and new authentication methods are in,” said André Ferraz, Incognia founder and CEO. “Multi-factor methods including one-time passcodes (OTPs), biometric authentication and security keys have been introduced as alternatives. But by adding heightened security, legitimate users of mobile fintech apps now encounter increased and unnecessary friction. With added friction comes an inferior CX that contributes to customer drop-off and lower retention rates.”
Adding Zero-Factor Authentication (0FA)
While customers care about security and mitigating fraud risk, they care even more about avoiding friction, Ferraz said. “Banks and fintechs should look to provide mobile users with zero-factor authentication (0FA) which works silently in the background to authenticate users, using network, location and device signals. This new form of mobile authentication leverages sensors and technologies on the smartphone to recognize trusted users and is the best way to balance fraud risk and heightened security, without compromising the customer experience.”