Finding the UX Sweet Spot for Online Banking
Digital banking applications and portals have often had to deal with a dilemma: should access be more secure or more convenient? It has been a difficult needle to thread — more security often led to greater friction for the user, while more convenience exposed their identity and account to theft.
Fortunately, it’s getting easier to solve that dilemma. More transparent, user-friendly authentication approaches make it simpler than ever for customers to seamlessly access their information and transact digitally. There’s now little reason for customers to sacrifice their convenience, or for banks to compromise their security.
The key is to secure access without being invasive to the user — this results in a significantly better user experience (UX), helps to retain customers, and protects everyone from data breaches or account takeover. To be competitive in a changing landscape, banks must implement seamless identity verification and adaptive authentication processes.
Mobile Apps Are Driving the Banking Journey
We’re increasingly seeing users migrate away from website-based online portals towards self-contained mobile banking apps. They have never had more options, as regulations like PSD2, CMA9 and Open Banking are driving development and making apps more secure and accessible. In fact, some users say that the UX of a mobile app is part of what determines which bank they will use.
Multi-Factor Authentication Helps Banks Provide Convenience and Security
If you want a UX sweet spot for users interacting with banking apps, then multi-factor authentication (MFA) is the answer. MFA typically uses a combination of at least two of the three factors listed below:
- Something you know, like a password or PIN
- Something you have, like a security token, a bank card, a mobile device or the computer the customer uses
- Something you are, like the biometrics of the user (facial, fingerprint, vein or voice), or how the customer interacts with the device they are working from: typing speed, patterns in key press intervals, mouse movements, screen pressure or even tilt angle on a mobile device (behavior metrics)
The key to a great user experience is to make the customer’s banking experience as seamless and frictionless as possible. We help banks deliver this by identifying the customer’s device without requiring their interaction, while also assessing the level of risk to determine which method of authentication is appropriate for the type of transaction the customer is performing.
Smart, Adaptive Authentication Algorithms Keep Banking Apps Secure Without Frustrating Users
Balancing security and convenience is best achieved with adaptive MFA. Adaptive MFA uses an algorithm to request greater levels of authentication for a user based on certain criteria. The key here is that information security managers can seamlessly adapt the authentication method based on the level of risk to ensure the best possible UX. Two examples:
- A user logs in from a new device, and adaptive MFA requires a code from an SMS message or push notification through an app
- A user logs in from the same device as usual at the same time as usual, and adaptive MFA requires them to simply enter their username and password
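The two cases above can be written as a small risk-scoring policy. This is an added example, not HID's algorithm or code from the original article; the signal weights, thresholds, the high-value payment signal and the deny tier are illustrative assumptions that go beyond the two cases in the text.

```python
from dataclasses import dataclass, field

# Illustrative weights and thresholds (assumptions, not taken from any product).
WEIGHTS = {"new_device": 50, "unusual_hour": 20, "high_value_payment": 40}
STEP_UP_THRESHOLD = 40      # at or above: require a second factor
DENY_THRESHOLD = 100        # at or above: refuse and route to manual review
HIGH_VALUE_LIMIT = 1000.0   # constructed limit for a "high value" payment


@dataclass
class UserProfile:
    known_devices: set = field(default_factory=set)
    usual_hours: range = range(7, 23)   # hours the user normally logs in


@dataclass(frozen=True)
class Request:
    device_id: str
    hour: int                 # local hour of the attempt, 0-23
    action: str = "login"     # "login" or "payment"
    amount: float = 0.0


def risk_signals(req: Request, profile: UserProfile) -> list:
    """Return the names of the risk signals this request triggers."""
    signals = []
    if req.device_id not in profile.known_devices:
        signals.append("new_device")
    if req.hour not in profile.usual_hours:
        signals.append("unusual_hour")
    if req.action == "payment" and req.amount >= HIGH_VALUE_LIMIT:
        signals.append("high_value_payment")
    return signals


def decide(req: Request, profile: UserProfile) -> dict:
    """Map the request's risk score to the authentication the user must pass."""
    signals = risk_signals(req, profile)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= DENY_THRESHOLD:
        outcome, factors = "deny", []          # no factor is accepted
    elif score >= STEP_UP_THRESHOLD:
        outcome, factors = "step_up", ["password", "push_or_sms_code"]
    else:
        outcome, factors = "allow", ["password"]
    return {"outcome": outcome, "score": score,
            "signals": signals, "factors": factors}
```

Returning the triggered signals alongside the decision gives the fraud and operations teams an audit trail for why a given login was stepped up or refused.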
Swipe to Authenticate or Verify Transactions From Your Mobile Device
Since mobile is becoming the primary way consumers bank today, it is important for banks to consider mobile push notifications through a mobile app as part of their adaptive authentication strategy.
HID Approve™ is the next-generation mobile MFA solution. It delivers a simple and secure way for users to authenticate their access requests and verify their transactions — all with a simple swipe gesture. It can be integrated into the bank’s existing mobile app by adding the functionality through an SDK, or provided as an additional app that can easily be downloaded to the user’s device. HID Approve offers:
- Trusted Identity — Assurance that the person taking the digital action is the person authorized to do so
- Seamless Experience — The user interface is simple, intuitive, and powerful
- Additional Authentication Methods — Generate a secure one-time password code to authenticate in place of a push notification. Soft token capabilities are included in HID Approve and are available on Apple iPhone, Android and Windows 10.
- Flexible Policy Customization — Fine-grained security policies enable organizations to strike the appropriate balance between security and usability
- Easy Rebranding — Organizations can easily brand the icon and interface with their own logo and color schemes
- Robust Security — Security best practices, backed by third-party penetration tests along with government certifications such as FIPS 140-2 and independent audit reviews, with runtime application self-protection
- Compliance — PSD2 compliant for Strong Customer Authentication
Paul Jones is Senior Director Global Strategy and Product Delivery for the IAM Consumer Authentication business unit of HID Global. He has significant IT security industry experience supporting banks, government institutions and enterprise customers around the world successfully implementing identity assurance, secure authentication and digital signature programs. Paul has held roles from Lead Architect and Program Manager to Director of Professional Services, providing him a unique and in-depth understanding of customer challenges.