balancing fraud & customer experience in a mobile world
TRANSCRIPT
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Balancing Fraud and Customer Experience in a Mobile World
November 18th, 2014
Thelton McMillian CEO & Founder
Comrade
Al Pascual Director of Fraud & Security Javelin Strategy & Research
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Can I get the Slide Deck and Webinar Playback?
Yes, of course!
Webinar is being Recorded.
An email link will be sent tomorrow.
The slide deck is available from Comrade.
2
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Today’s Agenda
I. Introduction
II. Common UX Threat to Security
III. The Relationship Between UX and Trust
IV. Reinforcing Security – Brand & Design
V. Improving Identification & Authentication
VI. Customer Defined Controls
VII. The Role of Education
VIII. Recommendations
3
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Today’s Presenters
Al Pascual Director of Fraud & Security Javelin Strategy & Research
Email: [email protected] Twitter: @MindofAlPascual
4
Thelton McMillian Founder & CEO
Comrade Email: [email protected]
Twitter: @comradethelton
The Relationship Between UX and Trust
A brand must generate the trust necessary for users to engage.
To them, the bank is where their relationship is and when that experience seems inconsistent it can lead to mistrust.
Banks that rely on multiple backend systems for payments, commercial services, small business banking, and lending are commonly guilty of providing an inconsistent experience.
Customers expect a trustworthy and seamless experience from their bank similar to that of Amazon, Apple, Uber, et al.
Reinforcing Security with Brand & Design
How to reinforce security with branding & design
• Domains & subdomains that consistently reflect the bank brand
• Single sign-on across web properties
• A unified look-and-feel across platforms (multiple websites)
• A consistent navigation structure that spans multiple platforms
• Content and design that reinforce a “trust”, “security” message
How not to do it
• Abdicate control of your user experience to third-parties
• Approach security and fraud prevention as a check-box
• Develop multiple mobile apps
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Balancing Experience and Fraud
Quick Balance Improves Convenience Without New Risk
7
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Updating the CIP Process for Digital Opening
Traditional - Cumbersome identity validation
process, which includes the manual entry of PII on the part of the prospective customer (especially so on a mobile device).
Improved - Use of a webcam or mobile device
camera to capture information from identity documents, validate those documents, and to perform facial recognition (e.g., Facebanx, Jumio, etc.).
Digital Account Opening CIP Process:
8
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
88.5 Million Consumers Applied for a Variety of Accounts Online or Through Their Mobile Device
Percent of Consumers Who Applied to Open Accounts in Past 12 Months
9
8%
13%
18%
2%
3%
3%
0% 5% 10% 15% 20% 25%
Auto Loan
Checking
Credit Card
Online
Mobile
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Improving Authentication Through Design
User Authentication Process:
Traditional - Authentication that relies on static
user credentials, supplemented with knowledge-based authentication for step-up, interrupting the experience by adding friction and contributing to theft/misuse.
Improved – Use of biometrics delivered through
mobile devices to create a low-friction, consistent experience across financial interactions (e.g., account login, payments, etc.).
10
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Apple’s Touch ID is a Prime Example of a Balanced Experience
Mobile wallet adoption has been hamstrung by a POS experience that was often less convenient than traditional forms of payment . Apple Pay w/Touch ID reduced the number of steps in a mobile wallet POS payment, while at the same time introducing strong authentication.
Image courtesy of:
http://www.apple.com/apple-pay/
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Fingerprint Biometrics Most Likely to Increase Online Banking Frequency with Other Modalities Close Behind
Consumer Propensity to Change Online Banking Behavior Due to Authentication
12
11%
12%
12%
13%
17%
0% 5% 10% 15% 20%
Voice biometrics
Facial recognitionbiometrics
Eye biometrics
Account username andpassword
Fingerprint biometrics
Increase in frequency
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Leveraging Customer Defined Controls
Banks spend a great deal of time and energy building behavioral models to spot anomalous, potentially fraudulent activities, yet these models are never 100% accurate. By deputizing the customer to answer a few questions about their projected use of account features and transaction types, banks can disable the activities customers don’t plan to use. This transitions declines from a top-of-wallet concern to a relationship building experience.
13
13
Image courtesy of:
http://www.ondotsystems.com/
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Mobile Business Credit Card Control
KAAYASOFT Examples of account management and fraud control capabilities: 1. Businesses can set
controls for individual card holders
2. Rules include time,
category, location, budget
3. Built-in messaging
enables efficient workflow and approvals
14
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Customer Defined Controls are Generally Unavailable Among the Top 50 Financial Institutions
15
1 in 50 examined banks provide customer defined controls
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
The Role of Education: The Security Center
An FI’s “security center” should be readily accessible: 1. From the initial page
of an online site 2. Via the mobile app To be an effective educational tool while also bolstering the FI’s security image.
16
Image courtesy of: https://www.unionbank.com/
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Mobile Security Education and Messaging
Tap-to-play fraud prevention tips, immediately available video within mobile banking app
17
Bank of The West: Fraud Protection Video
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Online and Offline Safety Education is Popular, but Opportunities for Improvement Abound
Adoption Rates of Security Education Among Top 50 FIs
18
48%
64%
92%
0% 20% 40% 60% 80% 100%
Phishing, Vishing, and SMShingeducation
Mobile safety education
General education about online andoffline safety
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Recommendations
1. Deliver a consistent brand and design experience
2. Adopt accurate, low-friction authentication
3. Enhance the account opening process by replacing manual CIP data collection with automated processes and biometrics
4. Empower consumers and reduce fraud through customer defined controls
5. Keep educational material current and at the forefront
19
© 2014 All Rights Reserved. Javelin Strategy & Research, a Greenwich Associates LLC Company
Thank You!
Al Pascual Director of Fraud & Security Javelin Strategy & Research
Email: [email protected] Twitter: @MindofAlPascual
20
Thelton McMillian Founder & CEO
Comrade Email: [email protected]
Twitter: @comradethelton