Paul Inglis, General Manager, EMEA, Ping Identity
Financial institutions operate in one of the most heavily regulated industries and strive to go above and beyond to deliver value and security for customers. The sector is built on personally identifiable data which remains under continuous threat of data breaches. As a result, the job of reassuring customers that their money and credentials are secure is never done.
While people may have certain opinions on the ethics of bankers, operationally, there is a lot of trust from the public in the institutions. They have a reputation for upholding multi-year or lifelong relationships with customers. Our latest global survey of over 9,500 consumers revealed that 61% trusted banks and financial institutions more than any other that they interact with. And, a third of consumers from the same survey would also consider linking their digital wallet with their credentials to verify their identity to use personal banking and insurance services as a means of passwordless authentication for greater convenience.
It makes you wonder what the financial space is doing differently to others to keep customers open-minded. As physical cash diminishes and mobile banking becomes a necessity, banks are implementing new ways of making finance management more convenient. They have trained consumers on passwordless authentication, offering facial recognition, fingerprint, and one-time passcodes as ways of verifying identities and simplifying access to our money. People are gradually being weaned off passwords in the process and realising there are more secure options out there. For so long little has been done to rectify the frustrations so many of us routinely go through when locked out of other online accounts because we forgot our password. Consumers are creatures of habit, and in the cases of sorting our utility bills, healthcare appointments or general website use, we often opt for weak passwords full in the knowledge we could be hacked. Thankfully though, most of us take our banking security seriously and are open to having a more frictionless experience.
The evolving trust dynamic
Despite the improving level of trust in financial services, organisations cannot become complacent in their day-to-day security practices. A long-term strategy should be put in place to strengthen confidence and security simultaneously. One thing that would help immensely would be to embrace the goal of eliminating passwords altogether. Time and time again hackers claim control of an account to steal credentials through phishing campaigns. Phishing represents a significant proportion of fraudulent activity taking place in financial services, with a third (32%) of consumers receiving messages seemingly from their bank or building society in 2022. Realistically, the issue needs to be contained at the source.
Stronger defences can protect people from being tricked into letting their guards down and passwords be stolen. By encouraging financial institutions to adopt a passwordless system, unauthorised access can only be made if threat actors can fake the exact keystrokes, physical location, and facial biometrics of a user all at once. At the same time, consumers can benefit from the seamless online experience they have come to expect, without being asked to input a password. This reduces the risk of compromise and further improves overall trust.
Striking the right balance between security and convenience is the challenge organisations need to get right, and perhaps we are starting to see this in practice. Heightened security measures have resulted in digital experiences being flooded with identity checks. These obstacles can prevent less innovative organisations from providing a seamless experience for expectant customers. That is why three in five consumers have abandoned an account or online service due to becoming frustrated with the login process.
In a world where consumers are dependent on online services – to do everything from opening a savings account and making payments – convenience is paramount. The level of security resistance customers feel happy with decreases as they become better accustomed to enhanced digital experiences. Digital wallets are a great example of this in practice. Consumers want to access the digital world simply and safely without needing to log in constantly. The ease at which people pay with Apple Pay or Google Wallet has helped to set this new standard. Having our credentials, like our date of birth, stored alongside payment methods acts as a form of validation, helping to further improve the buying experience and keep it secure.
Transition to more seamless identity technologies
Financial institutions have become trust leaders. They show continual innovation in the growing set of online services on offer and instil confidence in consumers to try alternative forms of identity management in the process. It might be some time before customers fully accept passwordless authentication as their means for accessing financial services, but an inclination towards digital wallets in verifying identities in personal banking and insurance indicates positive progress is being made. It is crucial organisations build on this sentiment with a strategy that enhances the authentication experience while minimising the chances of compromise from the primary source of vulnerability: the password.
