Last month we saw headlines about yet another large online consumer company whose computer systems had been hacked, resulting in potentially thousands of users’ passwords being compromised. While knowing strangers may have access to information on your recent purchases is not comforting, the real worry is when you realize they now also may have enough information about you—including password, address, phone number and credit card or other payment information—to steal your identity.
For years banks have been focused on ensuring customer data and financial security. Online banking posed great risks as it offered the unique opportunity for accounts to be accessed from anywhere in the world. While banks controlled their internal systems, by its nature the Internet is open to all and thus very vulnerable unless special safeguards are put in place. Over time, we have been accustomed to looking for the “s” in “https” which would indicate that the connection was secure.
Mobile banking creates even greater issues, as the very means of communication itself poses risks of being intercepted. There has been much development in the mobile payments arena in the past few years and banks have taken different approaches to solve security concerns. Greater levels of security are also being built in to the new range of smartphones and tablets that have come to market – passwords and data encryption now being available on the device, and vpn (virtual private network) or privacy options more readily found among the basic settings.
In the case of a security breach in a mobile transaction, questions are posed regarding who is responsible—the device manufacturer, the mobile network provider, the mobile merchant or the customer themselves? At the end of the day, the consumer tends to think of their device as a facilitator (of transactions and communication), while they perceive the merchant or other company they interact with as being ultimately responsible for keeping their data and transactions secure.
Consumers are looking for simplicity and may often be ignorant of the risks they are taking. Over time they have built up trust of certain online websites and merchants through ratings systems or customer feedbacks that are made available for all to see. But they expect the highest standards from their banks when it comes to keeping their financial information and funds secure.
Banking organizations such as the European Central Bank and the Federal Financial Institutions Examination Council in the United States have developed guidelines for the industry. Banks have responded by enhancing security across their multi-channel platforms. Customer authentication online now goes beyond a simple four digit pin. It may include answers to preset questions, picture association and use of a changing onscreen keypad for code input. The device used to access an account may also be registered as an allowed device or require a second form of identification (e.g., temporary code sent to the customer’s phone or email account) before proceeding. This out-of-band authentication (where a different device is used than the one that initiated the transaction) is increasingly being used. Mobile devices offer the additional possibility of including voice authentication as part of the multi-factor identification.
Voice recognition technology has come a long way, as can be seen in the success of Apple’s Siri or Nuance’s Dragon speech recognition software. Banks could take it a step further by matching the voice on a mobile device to a voice profile on file for a particular customer. Some banks are actively testing this approach today. While you can imagine great results in a controlled environment, such as a sound studio, real world usage is more likely to involve significant background noise and customers whose voices could be altered by a common cold. As a result, I can imagine that voice authentication would be unlikely to be used alone. However, from the customer standpoint it would be far simpler to speak a few sentences than to remember a complex set of codes.
By continuing to innovate, not only in terms of products but also in terms of security strategies, banks are helping build customer trust and create a safe environment for online and mobile commerce which benefits us all.