Erik Van Der Zee from TrustBuilder shares advice for financial institutions on how to boost user experience by using personas.
Striking the right balance between user experience and airtight security is never easy. But in financial services, this is even more complex. Competition from fintechs and neobanks is showing consumers how frictionless payments and other financial services can be, while regulations and compliance measures are imposing strict security rules on financial services companies. By incorporating the persona model, banks, insurers, and other financial players can offer an extra level of customer experience without compromising security, while also making user management scalable for the administrators.
There is a good reason why the European financial services sector is spending more than 6 billion USD annually on security, more than any other segment of the industry. It’s also the industry that is most targeted by hackers and whose users are more often lured by phishing scams.
The Identity and Access Management (IAM) software industry has borrowed the term persona from the marketing world. In marketing, a persona is an archetype that is used to segment consumers: for instance, people who spend a lot of time tending their gardens and may buy expensive equipment to do that, or wealthy professionals who are retiring and may consider buying a boat or a camper. In IAM, a persona reflects one aspect of someone as a user of a digital system or service and allows the activities carried out in each capacity to be clearly segregated, for reasons of user convenience and/or for reasons of security. IAM policies can use the selected persona to decide whether certain activities can be granted or not.
This is easiest to explain with an example. A person can be a retail customer of a bank but also hold a professional account at that bank. Someone can have an account at the bank, and at the same time be an employee of that bank. Someone can have her own bank account but also manage her mother’s finances and bank accounts. In the insurance sector, the head of a family may manage her own dental insurance accounts and those of her three children and husband.
Currently, at most financial institutions, that person will need a different set of credentials for each ‘persona’ they take on: retail customer, professional customer, custodian, and proxy of another person. To switch from one account to another, or, in the insurance case, to manage the hospital insurance contracts of all family members, the user will need to log out of one account and use different credentials to log in again. This is far from being user-friendly.
TrustBuilder fundamentally implements the model of ‘every user has one and only one profile’, even if the person has different subscription accounts and even when the person works with different mandates or in different capacities. To enable this, TrustBuilder introduced its persona model. In this model, the person only needs a single profile. She receives different ‘personas’ in her user profile corresponding to the different finance roles she can play. Using TrustBuilder, a user logs in with a single user profile - there is only one, even if the person can act in different capacities or needs different accounts in different systems. At login, the user selects a specific persona or uses their preferred persona by default. Afterwards, and without a new login, the user can switch to a different persona when relevant or required. Even though this happens within the same session of the user, an authorisation policy may state that switching to a privileged persona requires additional authentication, for instance by using multifactor authentication.
From the examples cited above, it is clear that using personas leads to a better customer experience: rather than having to remember different sets of credentials such as username and password for each different relationship users have with a bank (professional customer, business customer, care proxy of a family member), they can now use only one.
This also makes the interactions more secure. We all know what happens when users need to remember different passwords – they simply write them down on post-its or choose very easy passwords. If a different level of authentication is needed for a different persona, step-up authentication can be used.
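A minimal sketch of the single-profile persona switch with step-up authentication described above, as an added example that is not TrustBuilder's code or API. The persona names, the two assurance levels and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample policy: minimum authentication assurance per persona
# (1 = password only, 2 = MFA). Persona names are illustrative assumptions.
REQUIRED_LEVEL = {"retail": 1, "professional": 2, "proxy:mother": 2}

@dataclass
class Profile:
    user_id: str
    personas: frozenset      # personas the institution has verified for this user
    default_persona: str

@dataclass
class Session:
    profile: Profile
    auth_level: int          # assurance reached so far in this session
    active: str = ""         # empty until a persona has been granted
    audit: list = field(default_factory=list)

def switch_persona(session, persona):
    """Return 'granted', 'step_up_required' or 'denied'; fails closed."""
    if persona not in session.profile.personas or persona not in REQUIRED_LEVEL:
        decision = "denied"            # not bound to this profile, or no policy
    elif session.auth_level < REQUIRED_LEVEL[persona]:
        decision = "step_up_required"  # active persona stays unchanged
    else:
        decision = "granted"
        session.active = persona
    # Every attempt is recorded, including refused ones.
    session.audit.append((session.profile.user_id, persona, decision))
    return decision

def login(profile, auth_level, persona=None):
    """One login per user; activates the chosen or the default persona."""
    session = Session(profile, auth_level)
    switch_persona(session, persona or profile.default_persona)
    return session

def step_up(session, mfa_verified):
    """Raise the session's assurance only after a verified second factor."""
    if mfa_verified:
        session.auth_level = max(session.auth_level, 2)
    return session.auth_level
```

The persona set is read from the server-side profile rather than from the request, so a user cannot switch into a mandate the institution has not verified for them.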
There are plenty of use cases for personas in the financial services industry. When you delegate financial matters to a relative, the bank needs to be 100% certain that the relative is allowed to act as your proxy. Use cases include guardians, temporary power of attorney, a trustee, or the example given above of a person taking care of an elderly relative’s financial matters.
Contact TrustBuilder to discuss your business case.
About Erik Van Der Zee
Erik Van Der Zee is a digital identity sales expert. He is passionate about helping businesses and individuals protect their online presence and stay secure in a digital world with convenient solutions that deliver optimal user experience. As an Account Executive at TrustBuilder, he advises organisations on solutions that meet compliance needs while keeping their customers and employees secure.
About TrustBuilder
TrustBuilder delivers frictionless customer experience and airtight security throughout the digital journeys of consumers, employees, partners, and machines. Our SaaS cybersecurity solution allows companies to acquire new customers, grow revenue, and reduce costs. As a European player in Identity and Access Management, privacy and compliance are inseparable in our DNA.