Navigating the Choice Between Security and Customer Experience

Categories
Mobile Protection

Published on September 15, 2020 by Lina Berzinskas

Reading Time: 3 minutes

Navigating the Choice Between Security and Customer Experience

Chances are, if you’ve used a mobile banking app, or bought something online, your purchase was facilitated in part by a Fiserv product. Fiserv is a global provider of financial services technology. Clients include banks, credit unions, financial companies and retailers. As a Fintech company, Fiserv provides payment and commerce enabling technology to clients in more than 100 countries, serving as an “industry standard” across the world.

In a recent article “2020 Trends in Fraud and Financial Crime Risk Management” Andrew Davies – Fiserv’s VP of Global Market Strategy writes “Criminals are even more on the offensive, constantly researching new vulnerabilities and developing fresh attack vectors. For financial institutions, that’s spurred growth in both process and technology investments to keep pace.” The question that Fiserv and many other financial institutions are asking: “How do you accurately manage detecting financial crime without inhibiting the customer experience?”

3 Trends in Balancing Customer Experience with Security include:

  1. Understanding Appetite for Risk

Speed plays a crucial role in both security and customer experience. Logging in and completing transactions needs to be fast and efficient; however, keeping things secure can slow down the process. The struggle between ease of use and safety measures leads to a dilemma: Where is the balance between keeping user data secure, while also creating an efficient experience?

Davies writes, “Some people are more cavalier about how they make purchases and send money, so there’s also an element of empowering consumers to accept the level of risk that is commensurate with their risk profile. It’s about giving them control, particularly corporate customers. Expect continued adoption of a risk-based approach to monitoring based on the risk profile of the person or organization.”

  1. Machine Learning and Adaptive Authentication

Detecting account takeovers and synthetic identities is a hefty responsibility for any institution. Traditional identification factors – asking for a PIN or Social Security Number – leave room for manipulation. Machine learning however can identify unusual behavioral patterns, and lock accounts more quickly and accurately than compromised PINs could.

In an article published in Security Magazine, “Context Matters: Using Machine Learning for Adaptive Authentication”, the author explains, “Adaptive authentication relies on machine learning to build a baseline over time of “normal” user behavior. Typically it uses behavioral location, time and usage anomalies, network trust and device and app DNA when responding to a user request.”

When an intelligent security solution adds layers of machine learning to the strategy (for example, to decide if an authentication request cannot be valid based on a user’s last known login time and location), it can immediately deny access or require more rigorous authentication procedures. The article goes on to say, “the use of machine learning and predictive analytics for adaptative authentication is the latest step in helping integrate what was once a uniquely human ability to holistically assess a situation into our most cutting edge cyber-security tools.”

  1. Proactive Protection vs Reactive Protection

Fintech tools and services carry a lot of responsibility. Not only do they have to be efficient, they must also be trustworthy. Davies writes “Security and integrity are differentiators in today’s market. But the key element with any new technology or risk-based approach is to enhance, rather than inhibit, the consumer experience through effective security protections.”

“Enhance” rather than “inhibit” highlights the point that security needs to do more than stop an attack once it is underway, it needs to impede and discourage it from happening.

At PreEmptive, our purpose is to provide a layer of protection to do just that. By applying different obfuscation transforms to protect application code (often containing secrets and other sensitive information), an organization creates an additional barrier which serves as the first line of defense. Also RASP (Real Time Application Self-Protection) transforms can be applied to alert a user or administrator that someone is attempting to hack or illegally enter the app.

Cyber criminals are becoming more sophisticated by the day. Organizations face the responsibility of evolving their digital products, while also simultaneously protecting their innovations from the latest threats. By understanding a user’s appetite for risk, and applying machine learning and code protection techniques, an organization can continue to provide security without inhibiting experience.

To learn more about how PreEmptive works with organizations like Fiserv, watch our video.