
Six Factors to Facilitate Convenient Authentication for the Mobile Banking Revolution

May 1, 2024         By: Bob Olson and Terry Hartmann

Recently a friend had to explain to her child the purpose of a fixture in her guest bathroom. Built in the early 90s, her home still sported that badge of telephonic luxury – at least one phone jack conveniently mounted in every room, including the bathroom. The child just shook his head.

Yes, no matter how convenient things get, it’s never enough. That was true in the ancient 90s, and it’s true right now. Today your phone conveniently lets you conduct many of your ordinary small-dollar transactions without carrying cash or even taking your wallet out of your pocket or purse. Just tap your device and all is good.

But is mobile banking keeping up? Despite remarkably rapid advances, if banking offers less convenience than customers experience in other parts of their lives, then the answer is, “no, not quite.”

What astonishes and thrills people one moment becomes their basic expectation the next.

Where does mobile banking need more convenience? Ask yourself, what’s the very first thing customers want in the physical world? They want to be recognized. The digital counterpart of recognition is authentication. And authentication remains far from convenient.

Today, a customer accessing a bank account has to go through the same rigmarole every time he or she shows up: a PIN, a password, or answers previously submitted to memorable questions.

And for some providers, a person has to carry around a card reader, a token or a key fob in order to enter a combination of PIN and passcode and get authenticated. But when you’re on the go with your mobile device, that can be a nuisance, especially when compared to simpler, non-banking mobile transactions.

The solution? Other authentication factors where the bank takes what it already knows and applies it to the transaction.

Here are six factors that can give you greater confidence in your authentication, and all can be done without pestering the customer for a single thing:

 

Know where your customer operates

You can derive rich information for validating the customer just by knowing where the access request is coming from: what IP address, what GPS location, what mobile cell site. Since you know where your customer lives and works, if the transaction is attempted from that area, there’s a high probability it’s genuine. Moreover, you can map location information against time of the day or day of the week to build out the customer’s behavior pattern, giving you even more probability for next time.

 

Identify the device

Regardless of the device a customer uses to access his or her bank account, the device is identifiable by its unique address on a computer network. When you combine that address with the device’s hardware and software configuration plus other information revealed by cookies, collection drivers or agents, you have the ingredients for a digital device personality that can be used to validate the customer.

 

Learn the customer’s patterns

Another thing you know is that people are creatures of habit. They tend to display consistency in when they do what they do – time, day, week. It’s natural for them to fall into consistent behaviors around their mobile bank activity. When a customer is operating in what you have determined to be their habitual periods, that is part of a validating picture. But if a highly unusual situation arises, that should add a higher risk to the full picture. Again, this is about assembling multiple factors, not over-relying on any single factor.

 

Track the customer’s journey

Mobile customers tend to take a journey, unique to each, when they access their bank accounts (where they go, how long they stay, how fast they click, what they search for). They also display unique characteristics on that journey such as their typing rhythms (speed between characters, pressure, linkage between keys) and interacting with touch screens (pressure, swipe speed, acceleration). These factors can be measured to create a usage profile that is distinctive to each user.

 

Learn their bio identifiers

Smartphone users worldwide are expected to exceed 2 billion by 2016 – that’s 29% of the entire global population! A pool that large offers a rich source for biometric capture capabilities like fingerprint scanners, iris scanners, facial and voice recognition. Wearables are coming, too, including devices that can let you identify your customer by his or her heartbeat. When you can authenticate your customers by their biometrics, access can be granted almost instantaneously, which is about as long as customers expect to wait these days.

 

Learn their social network characteristics

You can learn immensely useful information by social listening. If a customer is linked to a large number of people whom your bank recognizes as having high trust/low risk scores, that’s a good indicator about the customer’s risk. There’s still work to be done on verifying the legitimacy of profiles out there, but this is fast becoming a key source of information and another opportunity to improve the customer experience.

To use these multiple factors successfully, the bank needs to find the best of packaged applications, where the innovation, securing, and other hard work has already been done, and then enhance them for quality and user experience. That means taking a full view of all of the available factors, and then creating risk factors that balance risk with confidence along a spectrum, instead of binary “authentic/approved” or “unproven/denied.”

It also means providing a simple enrollment process as well as life-cycle management and automated workflows. Your bank will need a carefully calibrated risk engine that creates risk-weighted scores for each of the authentication factors relative to the size or value of the transaction involved. With a customer who just wants to check an account balance, you can tolerate a little risk, but if that customer wants to transfer thousands of dollars, you can tolerate almost zero risk that they are not who they say they are.
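A minimal sketch of the risk-weighted scoring described above, added here as an illustration and not taken from the article or from any vendor product. The weights, amount tiers, step-up margin and function names are all assumptions.

```python
# Assumed weights for the article's six passive factors (sum to 1.0); no single
# factor exceeds 0.25, so no single signal can clear even the lowest bar alone.
WEIGHTS = {
    "location": 0.20, "device": 0.25, "time_pattern": 0.10,
    "journey": 0.15, "biometric": 0.25, "social": 0.05,
}
# Assumed tiers: (max transaction amount, confidence required to proceed).
# Amount 0 models a read-only action such as a balance check.
TIERS = [(0.0, 0.50), (500.0, 0.75), (float("inf"), 0.95)]
STEP_UP_MARGIN = 0.25  # this close to the bar: ask for an explicit factor


def confidence(signals: dict) -> float:
    """Weighted sum of per-factor scores in [0, 1]; unseen factors count as 0."""
    unknown = set(signals) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown factors: {sorted(unknown)}")
    total = 0.0
    for name, weight in WEIGHTS.items():
        score = signals.get(name, 0.0)
        if not 0.0 <= score <= 1.0:
            raise ValueError(f"{name} score out of range: {score}")
        total += weight * score
    return total


def required_confidence(amount: float) -> float:
    """The bar rises with transaction value, so tolerated risk shrinks."""
    if amount < 0:
        raise ValueError("amount must be non-negative")
    return next(bar for limit, bar in TIERS if amount <= limit)


def decide(signals: dict, amount: float) -> str:
    """Return 'allow', 'step_up' or 'deny' instead of a binary verdict."""
    score, bar = confidence(signals), required_confidence(amount)
    if score >= bar:
        return "allow"
    if score >= bar - STEP_UP_MARGIN:
        return "step_up"
    return "deny"


# Constructed sample: known location and device, usual time of day.
habitual = {"location": 0.9, "device": 1.0, "time_pattern": 0.8}
```

With the constructed `habitual` signals, a balance check is allowed silently, a mid-value payment triggers a step-up prompt, and a large transfer is refused until stronger evidence such as a biometric match is present.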

Remember, this isn’t just about consumer banking. The same customers who use mobile devices for their personal accounts want to use them to do business with your small business, corporate, wealth, asset management, and insurance lines, too. Show them you know them by improving your authentication.


Mr. Olson is Vice President, Global Financial Services and Mr. Hartmann is Vice President, Industry Applications for Blue Bell, Penn.-based Unisys Corp.