sCX: How user experience and security go hand in hand

Frank Hamerlinck
Mar. 4, 2020
SHARE

 “Security is always excessive until it’s not enough.” This often-cited quote holds true for any industry, but even more so in the retail banking space.

 

How user experience and security go hand in hand

A security problem can cause a lot of damage to a financial institution, especially if it’s a data breach that leads to nice headlines in the press. Trust in banks has gone south since the financial crisis and combining customer experience with airtight security is key in boosting banks’ reputations. Secure customer experience (sCX) will be the defining factor in deciding the winners and losers in retail banking.

Security has only grown in importance for those in financial services and will looks set to continue. According to market research studies, one out of four malware attacks in 2019 were directed at banks. No other industry suffers that same fate. It is obvious that cybercriminals will target businesses that are money-oriented, of course, and every player in the financial market is taking precautions against security breaches. Recent developments are ensuring that the IT security budgets at banks are growing in importance every year, further depleting the razor-thin margins banks are operating at.

PSD2 and other regulations

For starters, banks are being forced to open up. Regulations such as PSD2 are demanding banks give third-party access to their payment infrastructure and customer data. Doing this offers more choice to customers, opens up the financial market to non-financial players and increases competition. A positive evolution. Yet, the need for exchanging information between applications through Application Programming Interfaces (APIs) creates extra vulnerabilities that need addressing. According to recent research, the percentage of attacks that targeted APIs at financial institutions rose sharply between May and September 2019, at times reaching 75%.

Ecosystems flourish

Secondly, retail banks are building ecosystems with IT partners in order to offer customers more services, even non-finance related. Presenting a broad range of services helps drive loyalty in an era where switching from one bank to another is getting simpler by the day. APIs are key in setting up these ecosystems, demanding even more protective measures.

Customers going mobile

Thirdly, there’s the digitization of the way consumers interact with their banks. To a bank’s customer, the advent of smartphone apps that offer a wealth of services seems like the best invention since sliced bread. Digitization had completely changed the relationship between a bank and its customers. How often do you still visit your bank? And how often do you do banking business through your mobile? That ratio has completely flipped over the last decade. Mobile banking was a major step forward in offering a great user experience in the financial world. On the other hand: insecure connections, user sloppiness with credentials, the loss and theft of phones …. even more reasons to step up security.

Customers demanding consistent experiences

Last, and certainly not least, is the demand from customers for a seamless experience. Consumers want ease of use and consistency across different banking channels and across the different journeys they engage in with a bank: onboarding, performing transactions, resolving problems, etc. Consumers want to take the lead in deciding what they do, when and where to do it, and how to deal with data protection. Self-service is the order of the day, and consumers don’t want to conduct business only during opening hours.

Platform requirements

It’s clear that Identity and Access Management (IAM) plays a crucial role in marrying data security with user experience, thus allowing of a secure customer experience. Here are some of the capabilities and features to look for in an IAM that offers the best of both worlds, without making your development budget go through the roof:

  • Integration of business rules and business logic into the workflows;
  • Attribute-Based Access Control (ABAC) to support changing requirements, environment, partners, etc.;
  • Prebuilt connectors and templates for fast deployment and short development cycles
  • Open platform, easy to customize;
  • Centralized policy management;
  • Support for Bring your own Authentication (BYOA), single sign-on (SSO), Password-less authentication, Step-up authentication, Biometrics, Social login;
  • GDPR compliance, allowing users to give and revoke their own consent for sharing personal data towards applications.

Are these indeed some of the requirements you are looking for? Then let’s have a chat and see how we can work on improving your sCX.

As co-founder of global trade management leader Porthus, customer experience platform NGDATA, and strategic consulting services company innacco, Frank embodies the entrepreneurial mindset. His 20+ years of ICT experience is complemented by his position as ‘Entrepreneur in Residence’ at iMinds and coach at Netwerk Ondernemen.

Related articles

IAM: do it your way

IAM: do it your way

Can you have your cake and eat it? Can you offer clients a great customer experience without compromising security? Can ...

Read more
Frank Hamerlinck is new CEO at security specialist TrustBuilder

Frank Hamerlinck is new CEO at security specialist TrustBuilder

The Belgian security specialist TrustBuilder has appointed Frank Hamerlinck as CEO. Hamerlinck has a long track record ...

Read more
Building your third-party ecosystem, fast and secure

Building your third-party ecosystem, fast and secure

Do you have a pond in your garden? Or a small stream running through your property? Then you have probably noticed how ...

Read more

Ready for a demo?

Book a demo
trustbuilder-demo