With more digital services users than ever before ($5 trillion dollars have moved online), data security is top of mind for most businesses, especially in the finance industry. More users and more data mean more opportunities for fraudsters to wreak havoc. Are you prepared? Is your customer's data secure?
Fraud: It’s always been there. The banking industry has always been protecting consumers and bad actors have always tried to steal and monetize data. This has not changed. What HAS changed in the last 5 years is that the number of digital services and products has increased and the access to tools and technology have increased - both for companies and for fraudsters. First let's look at the two types of data that a company has access to:
- Historical Data: Information an organization has about their customers based on their history of doing business together. Transaction history, payment metrics, demographic information, account balances, contact information, and more.
- Network Data: Information from outside the organization that helps connect the dots across consumer data -- looking for patterns and insight into behaviors.
Companies collect information and invest in technology that allows them to better analyze and use it for insights to improve their business. Without the advancement in the technology world this would not have been possible. Technology enables us to tackle the problems more efficiently. BUT the fraudsters also have access to the same tech and systems that businesses do. Fraudsters are getting smarter and they are working very hard to create volumes of randomized data and launch sophisticated attacks that we have never seen before. It continues to evolve. Always been there but it’s becoming more complex and challenging. The increase in traffic online means the stakes are higher than ever before.
The challenges we are seeing in data security are because of three things:
- Increased Access
- Innovative Technology
- Increased Expectations from Consumers
We have already touched on the first two challenges, so let's explore the third one facing the finance industry: Increased Expectations from Consumers. Consumers want safety/security AND want instant access to credit. They expect it. They are getting used to instant credit being offered. And they are only going to engage with organizations they trust.
INDUSTRIES GAIN TRUST WITH CONSUMERS WITH THIS FORMULA:
TRUST = CREDIBILITY + RELIABILITY + INTIMACY / SELF ORIENTATION
Companies relay this through their communications design and relationship. Self-orientation as the bottom denominator is important. If an institution is overly self-oriented, that is not building trust. No one wants to see a corporate selfie! More than a dollar value, perception of trust in the organization is most important. If you continue to have that, you increase the confidence that you take security seriously. Brand trust and protection are equally important. You have to ask your self if you have the right decision framework across the customer journey and the customer experience.
Organizations need to make sure that they can protect their consumers data - that it is not misused or leaked on the platform. But they also need to be able to provide quick and convenient access to clients. Security is really a balance between Privacy, Expedience & Convenience. For instance, you are more willing to give up privacy if you can have a more seamless or frictionless experience, a faster more convenient one.
There are three layers of security:
- Something You Know: password, mother's maiden name, pin
- Something You Have: token, key fob, key card, remote control, physical device
- Something You Are: biometrics, face, eyes, fingerprints, etc. Now, companies are starting to use finger and palm veins because they are subcutaneous, so you cannot easily steal them (without chopping off a limb). Get ready for Biometric Identification as Service (BaaS). Amazon is already doing it with Amazon One.
Friction makes mass adoption hard. Apple did us all a favor with the iPhone face unlock – it has reduced the barrier to use biometric data and normalized it so it’s not as weird. However, we are still in the early stages and have to get customer experience right.
Ultimately, customers should have their own data and be able to manage and see what elements they want to share, with whom, and under which context. For instance, on Instagram you might share certain things, but to open a bank account you need to share more. Flexibility needs be created. Some people want to town the data because it can be monetized.
But, who has the right to operate a database of that importance with trust and reliability?
That remains to be seen.