Balancing customer experience and security risks in financial services

Financial institutions had a slow progress when it comes to digital change. Ekata’s Spencer McLain uncovers several ways to stay ahead of fraudsters and optimize the digital experience for customers

Today’s financial institutions face a rapidly evolving landscape of security challenges. From keeping compliance with regulations such as the European Union’s General Data Protection Regulation (GDPR), to defending customers against ever-growing sophisticated fraud attacks, the financial services industry has to stay vigilant when it comes to security, while providing their customers exceptional digital experiences that balance consumer expectation, speed, and data privacy.

Meeting the increasing consumer expectations

It’s no secret that digital has disrupted the traditional notion of customer experience, and modern companies are pressured to meet the rising demands of the everyday consumer. With growing trends such as one-click checkouts and instant delivery, there is a variety of new factors that influence the customer experience that go well beyond just fulfilment of goods and services. Along with convenience, delivery, and ease-of-use, businesses must also consider data security, consumer privacy, and brand trust when optimizing digital experience. In the recent Vanson Bourne report, Infinite Want: Consumers Demand Speed and Security in the Digital Experience, research shows that 92% of participants “highlight trust (of companies) as an issue that is increasing in its importance to consumers.” To maintain a competitive advantage and upgrade the lifetime value of their customers, companies must take all these factors into consideration to differentiate themselves across all aspects and stages of the customer journey. 

Growing responsibilities for financial institutions

In particular domains, such as financial services, that have been historically slow to adopt digital change, adapting to these trends in consumer behaviour and expectations is a must. Mobile usage and digital service offerings only continue to grow, and consumers expect financial companies to deliver modern experiences that are fast, frictionless, and provide immediate gratification and fulfilment, similar to the ecommerce shopping experience. No longer are these expectations confined only to ecommerce; customers expect financial institutions to provide robust security measures when protecting their personally identifiable information (PII) from potential malicious attacks and data breaches. In most cases, consumers believe the responsibility for avoiding fraud actually lies with the companies that have access to their personal data. With this responsibility on the shoulders of financial companies, they must take proactive measures to protect consumer data, not only to meet regulatory compliance but earn trust and prove value to their customers.

Using emerging technologies to fight fraud

While new technologies emerge to deliver customers more modern experiences and enhance payment solutions, fraud attacks and scams are becoming equally as creative and more sophisticated. Fraud types like account takeover (ATO), loan stacking, and synthetic identities, expose financial institutions to a rapidly growing list of security threats. Information security teams need to find ways to manage the full lifecycle of risk for their customers — from account creation to transaction processing. Faster turnaround times and higher processing rates create more vulnerabilities within every touchpoint in the customer workflow.

Additionally, as financial institutions continue to move to cloud environments (private, public, hybrid, and multi-cloud), visibility and control over assets and operations can be lost. In today’s cross-border and global economy, these companies work with a host of cloud providers, and traditional security measures such as encryption and web application firewalls (WAFs), are not enough. Financial institutions need to leverage innovative solutions to secure their data assets and applications, through cloud provider existing frameworks and additional protocols such as hashing. Hashing provides security for data with encryption both at rest and in transit, and stays compliant with an organization’s policies and regulatory requirements.

Taking a proactive and predictive approach

Financial companies must take both a proactive and predictive approach to stay ahead of security threats. While traditional financial institutions may not have the flexibility to change practices and re-architect cloud systems easily, IT teams need to consider all attack scenarios and unpack them to incorporate layers of security into their back-and front-end technologies. With the growing democratization of machine learning, financial institutions can add smarter technology to extract valuable insights from historical information and build fraud models to better understand and predict both their good consumers’ and attackers’ behaviours.

It’s been said that “for evil to succeed, all it needs is for good men to do nothing.” The same can be said when it comes to security within a financial organization. Whether it be conducting assessments on applications during the software development lifecycle, understanding where consumer data is flowing throughout the organization, or penetration testing to evaluate overall system security, it is everyone’s responsibility to work together to protect customer information and make sure it doesn’t land in the wrong hands. Being good stewards of consumer data and ensuring trust upfront will only lead to greater satisfaction, experience, and loyalty for both financial institutions and their customers alike.

About Spencer McLain

Spencer McLain is Ekata’s Vice President and General Manager of the EMEA region. He leads Ekata’s international expansion efforts and owns key relationships with card brands and payment service providers. Spencer supports multiple fraud platform partnerships, collaborates with Product Management to improve Ekata’s API products to ensure that they provide maximum lift in risk models and/or rule-sets, and acts as a key liaison to complex data customers who require specialized testing/analysis.

About Ekata

Ekata provides global identity verification via enterprise-grade APIs and a SaaS solution. Our product suite is powered by Ekata Identity Engine, the first and only cross-border identity engine of its kind. It uses complex machine learning algorithms across the five consumer attributes of email, phone, name, physical address, and IP to derive unique data links and features from billions of real-time transactions within our customer network and the globally sourced data of our graph. Businesses around the world including Alipay, Stripe, Airbnb, and Microsoft use our solutions to approve more good transactions, reduce friction, and find fraud.