Marc Vanmaele, CEO of TrustBuilder, explains how private banks and financial organisations can best balance the needs of security and user experience as they evolve their IT and processes
The mantra that ‘time is money’ rings true, particularly when your customers are high-net-worth individuals. Private banking customers demand simple, flexible and secure ways to access their money. If they find services too difficult to access, they will go elsewhere.
The same rules apply within your organisation. If your staff find it too difficult to access and use the applications and systems they need to do their jobs, they will seek workarounds and shortcuts, unauthorised tools and unsanctioned processes.
Both situations can be a big problem. Losing customers directly affects a business’s bottom line and, depending on how vocal they are about moving on, its reputation in the marketplace too.
Employees who seek workarounds may compromise security, opening up vulnerabilities or weak points in your infrastructure, or fail to complete tasks as required, bringing operations and productivity to a halt. They may be unable to deliver the right levels of service to their customers, which once again impacts revenue and reputation. Furthermore, dealing with problems of user experience – whether inside or outside your organisation – can take up a great deal of your IT department’s time and attention.
Digital transformation: the road to simplicity
Little wonder, then, that businesses in all industries have been encouraged to modernise, improving their services with innovative new features, foregrounding user experience and customer journeys, and developing the most frictionless experiences possible.
This is one of the core goals of many digital transformation projects. Previously manual processes are increasingly being replaced with automation, leading to a smoother user journey and a strong platform for additional innovation and creativity. Organisations such as Google and Apple, with their unrelenting focus on clarity and simplicity for the end user, have led customers and staff in other sectors to expect the same.
This is particularly true in the highly competitive banking sector, where customers are choosing between fundamentally very similar products. Effective digital transformation can transform the efficiency of business operations, levels of customer engagement and operational agility and innovation. It is, very often, the difference between market-leading and struggling organisations.
But ‘frictionless’ can come with caveats. Such processes are frequently less secure than their more cumbersome, multi-stage relatives – precisely because they entail fewer layers of user identification and verification.
In private banking, organisations have to make a choice: add extra security steps to self-service tools, such as a second password or PIN code, and hope that this increased complexity doesn’t lead to a loss of users, or keep the process simpler and hope that they don’t succumb to a malicious cyberattack or accidental infection.
What do users want?
The best starting point to find a path through this minefield is to consider what users really want.
In private banking in particular, customers want services that are simple to access and take away any cumbersome complexity – masses of small print and industry-specific jargon are rarely welcome since convenience is key. They want to be able to access core information such as account balances on the go, using any device they want.
However, for private banking customers, protecting both their money and their personal information is also paramount – after all, these are their greatest assets. It is crucial that they trust their banks and financial institutions – that they believe those organisations take data protection and cybersecurity seriously.
Digitalisation in the private banking sector
In the private banking and wealth management sector, there is a trend towards banks embracing digital transformation to provide a secure and convenient “digital first” user experience for their customers. To this end, Accenture predicts that by 2020, at least 35% of market share in the private banking sector could be made over to new entrants who are ‘using digitally disruptive technology’ in the wealth management sector.
It’s important that private banks create smooth user experiences, whatever device the customer wants to use. Customers value the flexibility of being able to access banking services from the multiple digital services that they use.
A survey of high-net-worth individuals by Accenture found that 70% use digital financial services, and 85% of those use at least three separate devices to access services. The report characterised the majority of private banking customers as “nomads” – a highly digitally active group ready for a new model of delivery. To address these customers’ evolving expectations, private banks must make well-designed, secure mobile offerings available via smartphones, smartwatches and other mobile devices.
Since there are certain features that are beyond the scope of mobile apps alone, we may soon see the sophisticated investment, tax and estate management facilities that private banks offer integrated into mobile apps via emerging technologies such as chatbots. It’s important that banks ensure the customer has an excellent user experience and is protected by the same level of security on any device used, particularly since smart devices can be hampered by authentication issues that can leave them vulnerable to attack.
Balancing accessibility with secure banking is a challenge that the private banking sector is particularly wary of. The future of private banking lies with those organisations who understand how to ensure that whatever digital infrastructure they put in place is secure as well as flexible. A good starting point is to ensure they have robust, secure single sign-on authentication in place, combined with multiple digital options for customers accessing their accounts via mobile, web applications and APIs, whether they are hosted on-premise or in the cloud.
What are the barriers to digital revolution?
Meanwhile, banking and financial organisations are managing increasingly complicated IT infrastructures. Their services are made up of multiple different applications, many of which are hosted in the cloud with data shared between the organisation and its vendors. This makes providing a smooth user experience challenging – and making it secure, even more so.
Additionally, there is the rapid pace of change in the technology, the cyber threat and the banking and finance landscape itself to consider. Part of this changing landscape is a desire to enhance customer service and implement these improvements without being constrained by red tape, while competing against challenger banks that position themselves as dynamic, luxury services. This is where the agility and vibrancy of fintech start-ups has been an attractive proposition for private banks.
Challenger banks offer digital-first services designed to attract high-net-worth customers. To remain competitive, traditional firms are increasingly collaborating with fintech firms who have the expertise to deliver banking services on a large scale.
Almost 80% of banks are now collaborating with fintechs to deliver cutting-edge services, according to McKinsey Panorama. The open banking directive, PSD2, has encouraged these partnerships and will continue to do so. However, this presents its own challenges, as sharing data with third parties requires robust security and third-party risk management procedures.
This is why next-generation Identity and Access Management (IAM) services have such a crucial role to play in the banking and finance sector. They help organisations to not only strike the right balance between user experience and security, but also, critically, to maintain that balance as the organisation’s services and systems continue to evolve.
Such solutions incorporate the next evolution of multi-factor authentication (MFA) systems, which demand additional layers of verification before or after the user enters their login details. At present, this extra step will typically be a second password or an SMS code sent to the user’s mobile device. Such steps add some security and peace of mind – but these particular methods disrupt the user journey and can be easily compromised by cyber criminals.
The most effective IAM solutions take a more intelligent and more user-focused approach, thereby helping organisations to tread that fine balancing line. Along with enabling the latest secure MFA methods, like those requiring a hardware token, they consider a range of different factors when verifying each user request, such as where the user is located, the time of the request, and whether the device itself is recognised. They also provide a bridge between different environments, allowing seamless access while keeping intruders out.
In turn, this allows organisations to offer a genuinely intelligent and ever-improving security service to their end users, demonstrating how seriously they take data protection, whilst automating that security behind the scenes and therefore smoothing the customer journey as far as possible.
It is essential to choose an IAM solution that is highly flexible, able to keep up with the pace of change and evolve along with the organisation in question. In doing so, private banks can take a genuine step towards balancing smooth service provision with watertight security – and embracing digital transformation, securely.