Navigating the Choice Between Security and Customer Experience

September 15, 2020 815 Views Lina Berzinskas

Navigating the Choice Between Security and Customer Experience

Chances are, if you’ve used a mobile banking app, or bought something online, your purchase was facilitated in part by a Fiserv product. Fiserv is a global provider of financial services technology. Clients include banks, credit unions, financial companies and retailers. As a Fintech company, Fiserv provides payment and commerce enabling technology to clients in more than 100 countries, serving as an “industry standard” across the world.

In a recent article “2020 Trends in Fraud and Financial Crime Risk Management” Andrew Davies – Fiserv’s VP of Global Market Strategy writes “Criminals are even more on the offensive, constantly researching new vulnerabilities and developing fresh attack vectors. For financial institutions, that's spurred growth in both process and technology investments to keep pace.” The question that Fiserv and many other financial institutions are asking: “How do you accurately manage detecting financial crime without inhibiting the customer experience?”

3 Trends in Balancing Customer Experience with Security include:

Understanding Appetite for Risk

Speed plays a crucial role in both security and customer experience. Logging in and completing transactions needs to be fast and efficient; however, keeping things secure can slow down the process. The struggle between ease of use and safety measures leads to a dilemma: Where is the balance between keeping user data secure, while also creating an efficient experience?

Davies writes, “Some people are more cavalier about how they make purchases and send money, so there's also an element of empowering consumers to accept the level of risk that is commensurate with their risk profile. It's about giving them control, particularly corporate customers. Expect continued adoption of a risk-based approach to monitoring based on the risk profile of the person or organization.”

Machine Learning and Adaptive Authentication

Detecting account takeovers and synthetic identities is a hefty responsibility for any institution. Traditional identification factors – asking for a PIN or Social Security Number – leave room for manipulation. Machine learning however can identify unusual behavioral patterns, and lock accounts more quickly and accurately than compromised PINs could.

In an article published in Security Magazine, “Context Matters: Using Machine Learning for Adaptive Authentication”, the author explains, “Adaptive authentication relies on machine learning to build a baseline over time of “normal” user behavior. Typically it uses behavioral location, time and usage anomalies, network trust and device and app DNA when responding to a user request.”

When an intelligent security solution adds layers of machine learning to the strategy (for example, to decide if an authentication request cannot be valid based on a user’s last known login time and location), it can immediately deny access or require more rigorous authentication procedures. The article goes on to say, “the use of machine learning and predictive analytics for adaptative authentication is the latest step in helping integrate what was once a uniquely human ability to holistically assess a situation into our most cutting edge cyber-security tools.”

Proactive Protection vs Reactive Protection

Fintech tools and services carry a lot of responsibility. Not only do they have to be efficient, they must also be trustworthy. Davies writes “Security and integrity are differentiators in today’s market. But the key element with any new technology or risk-based approach is to enhance, rather than inhibit, the consumer experience through effective security protections.”

“Enhance” rather than “inhibit” highlights the point that security needs to do more than stop an attack once it is underway, it needs to impede and discourage it from happening.

At PreEmptive, our purpose is to provide a layer of protection to do just that. By applying different obfuscation transforms to protect application code (often containing secrets and other sensitive information), an organization creates an additional barrier which serves as the first line of defense. Also RASP (Real Time Application Self-Protection) transforms can be applied to alert a user or administrator that someone is attempting to hack or illegally enter the app.

Cyber criminals are becoming more sophisticated by the day. Organizations face the responsibility of evolving their digital products, while also simultaneously protecting their innovations from the latest threats. By understanding a user’s appetite for risk, and applying machine learning and code protection techniques, an organization can continue to provide security without inhibiting experience.

To learn more about how PreEmptive works with organizations like Fiserv, watch our video.

Latest Blog Posts

Protecting Java applications that use Jackson for JSON

JSON is a standard format for sharing objects and data within an application. When working in Java, there is no built-in support for JSON processing. There are, however, several widely-used libraries and options to choose from. In this article, we will focus on Jackson, which is one of the most popular.

AutoMapper is an object-to-object mapping system used by many of our customers. It aims to simplify and organize code responsible for sharing instance values from an object of one type to an object of a different type.

Inventa, a Wireless Technology Company, Protects their Android Application with DashO

The Beginnings of Inventa

Having worked in the wireless mobile technology domain in the US, Anand Virani, became intrigued by the growing tech and wireless trends and wanted to explore the field more for himself. He noticed a boom in the Internet of Things (IoT) and that smartphones were becoming more central to how people interacted with each other at home, in the office, and in public places. What if there was a way phones could connect with each other without the need for Internet or cloud access? Smartphones were the future and Virani was determined to make a profitable business model based on this new trend.

Surgical Theater Protects their Medical Applications with Dotfuscator

How It All Started

How is flying a fighter plane similar to performing neurosurgery? They have more in common than you’d think. In 2005, Monty Avisar and Alon Geri, two Israeli fighter pilots were assigned to work with Lockheed Martin to build a $50 million F-16 Flight Simulator program for the Israeli Air Force to improve hand-eye coordination skills for their pilots during combat. Avisar took on the role of project manager and Geri served as senior engineer; the project was a success.

Four years later in 2009, the two finished their military service in Israel and moved to Cleveland, Ohio. Their experience working in virtual reality applications inspired them to wonder where this technology could also be applied. With several connections to surgeons, the two came to understand the ins and outs of operation procedures; in a similar way, surgeons were also working on a battlefield. What if surgeons could also train like fighter pilots and preview their surgical procedure, much like a fighter pilot could pre-fly their mission? The surgeons could pre-plan the operation from every angle and every approach to increase their situational awareness. And a year later, Surgical Theater was born.

Maven is perhaps the most widely-used project management tool for Java. Based on the Project Object Model (POM), it is used not only for compilation of source code, but also dependency management, documentation, running tests, packaging, deployment, and more. We are frequently asked if we have a Maven plugin for running DashO. Though we do not offer a specific Maven plugin, adding DashO to your Maven-based project is surprisingly easy by leveraging Ant.

Navigating the Choice Between Security and Customer Experience

Protecting Java applications that use Jackson for JSON

Protecting C# applications that use AutoMapper

Inventa, Wireless Technology Company, Protects their Android Application with DashO

Surgical Theater Protects their Medical Applications with Dotfuscator

Integrating DashO into a Maven Build

Latest Blog Posts

Protecting Java applications that use Jackson for JSON

Protecting C# applications that use AutoMapper

Inventa, Wireless Technology Company, Protects their Android Application with DashO

Surgical Theater Protects their Medical Applications with Dotfuscator

GlobalMed Finds Success by Switching to JSDefender

Twitter