Security - worth paying for in a digital world?

When performing their daily banking routines, customers don’t want to be bothered by complex security features and authentication procedures. Today, they expect simple and fast user interfaces and often take for granted that their financial resources are protected. However, at the UK’s leading FinTech event last month, a question was posed on whether security should be paid for, like how we pay a premium for our home security systems every year. As important as security is for creating a seamless customer journey and user experience, should customisation be offered to suit each customer’s needs? Could security as a service (SECaaS) drive the future for personalised customer experiences in financial services, and should the customer pay extra for more sophisticated protection?

In today’s cluttered financial services landscape, where products offered by most banking providers are very similar, consumers are spoilt for providers but not with choice. Heritage financial institutions are diversifying their portfolio and new challengers entering the market, like Starling in recent weeks and Atom earlier this year, offering alternative versions of core banking products.

Every little bit helps when banks are trying to differentiate themselves. Banks such as Capital One and Vietnamese Timo (Time Is Money) are basing their entire operations around the nurturing and taking care of the customer, delivering their services with a cup of coffee to attract new business and prevent churn.

Though less visible than front office customer interactions, cyber security is a vital part of the customer experience. Protection of both funds and sensitive personal data is often taken as a given, until a breach occurs. A breach is disastrous to any banking institution, especially legacy banks whose main strength is that they are regarded as more trustworthy than newer, technology-driven disruptors. Trust from customers and investors can be tough to repair and cause real financial damage. When JP Morgan Chase experienced a data breach in 2014 the company’s shares dropped 1.1% following the news and the company’s value was down 1.3% two months after the announcement.

However, as the way we bank continues to evolve and more processes move onto digital platforms, the cost of technology to protect data and respond to regulatory demands is putting financial institutions under pressure. According to a report by Capgemini, worldwide spend on compliance technology will rise to nearly $100 billion by 2018.

Security should be reliable in the applications provided by financial service companies from log-in to payment authentication. Whether the customer has a hectic urban lifestyle or located in the countryside, far away from bank branches, on-the-go banking is now a natural part of our everyday lives. In London, the 7.01am commuter train from Reading has become the busiest bank branch as commuters try to fit banking into their schedule as they head into the City. SECSaaS could offer customers the choice to scale security based on expectations, while helping banks reduce costs of keeping up with the complexities surrounding adequate data governance and ward off cyber attacks in an increasingly digital world.

To have a better experience, users are requesting more openness and insight into banking services and continue to identify areas of improvement in traditional banking processes. The hype around blockchain technology and its potential uses for authentication and verification of transactions speak to a desire for transparency in banking.

End-to-end visibility of transactions was named as a main trend for the future of banking at the highly regarded FinTech conference, as this is a security process with direct impact on the customer experience for financial services on web and mobile. Open banking APIs can bring this transparency for banking, moving on from the notorious days of an industry run by the ‘old boys’ club’. In the UK, the Competition and Markets Authority has issued an order for Barclays, HSBC, Nationwide, Santander, Royal Bank of Scotland, Lloyds Banking Group, Danske, Bank of Ireland and Allied Irish Banks, to adopt common API standards by the end of Q1 2017.

Another aspect of authentication which needs to be simpler is identification. As banking moves into the digital sphere, proving your identity with paper documents and plastic cards becomes a hindrance to fast access to financial services, critical to those who are new to a country. Biometrics, such as fingerprints or iris recognition, is an exciting field for customer focussed developments for identification options. Barclays is rolling out voice biometrics at its call centres to simplify identification and Mastercard is now accepting selfies as ID for verifying online payments.

For all these processes, security is at the core.

Ownership and responsibility over security in the FinTech world is still being decided and regulations in this area are nascent. This is a great opportunity for banks to step up and lead. Who will be brave enough to do this?