Navigating the Choice Between Security and Customer Experience

September 15, 2020 427 Views Lina Berzinskas

Navigating the Choice Between Security and Customer Experience

Chances are, if you’ve used a mobile banking app, or bought something online, your purchase was facilitated in part by a Fiserv product. Fiserv is a global provider of financial services technology. Clients include banks, credit unions, financial companies and retailers. As a Fintech company, Fiserv provides payment and commerce enabling technology to clients in more than 100 countries, serving as an “industry standard” across the world.

In a recent article “2020 Trends in Fraud and Financial Crime Risk Management” Andrew Davies – Fiserv’s VP of Global Market Strategy writes “Criminals are even more on the offensive, constantly researching new vulnerabilities and developing fresh attack vectors. For financial institutions, that's spurred growth in both process and technology investments to keep pace.” The question that Fiserv and many other financial institutions are asking: “How do you accurately manage detecting financial crime without inhibiting the customer experience?”

3 Trends in Balancing Customer Experience with Security include:

Understanding Appetite for Risk

Speed plays a crucial role in both security and customer experience. Logging in and completing transactions needs to be fast and efficient; however, keeping things secure can slow down the process. The struggle between ease of use and safety measures leads to a dilemma: Where is the balance between keeping user data secure, while also creating an efficient experience?

Davies writes, “Some people are more cavalier about how they make purchases and send money, so there's also an element of empowering consumers to accept the level of risk that is commensurate with their risk profile. It's about giving them control, particularly corporate customers. Expect continued adoption of a risk-based approach to monitoring based on the risk profile of the person or organization.”

Machine Learning and Adaptive Authentication

Detecting account takeovers and synthetic identities is a hefty responsibility for any institution. Traditional identification factors – asking for a PIN or Social Security Number – leave room for manipulation. Machine learning however can identify unusual behavioral patterns, and lock accounts more quickly and accurately than compromised PINs could.

In an article published in Security Magazine, “Context Matters: Using Machine Learning for Adaptive Authentication”, the author explains, “Adaptive authentication relies on machine learning to build a baseline over time of “normal” user behavior. Typically it uses behavioral location, time and usage anomalies, network trust and device and app DNA when responding to a user request.”

When an intelligent security solution adds layers of machine learning to the strategy (for example, to decide if an authentication request cannot be valid based on a user’s last known login time and location), it can immediately deny access or require more rigorous authentication procedures. The article goes on to say, “the use of machine learning and predictive analytics for adaptative authentication is the latest step in helping integrate what was once a uniquely human ability to holistically assess a situation into our most cutting edge cyber-security tools.”

Proactive Protection vs Reactive Protection

Fintech tools and services carry a lot of responsibility. Not only do they have to be efficient, they must also be trustworthy. Davies writes “Security and integrity are differentiators in today’s market. But the key element with any new technology or risk-based approach is to enhance, rather than inhibit, the consumer experience through effective security protections.”

“Enhance” rather than “inhibit” highlights the point that security needs to do more than stop an attack once it is underway, it needs to impede and discourage it from happening.

At PreEmptive, our purpose is to provide a layer of protection to do just that. By applying different obfuscation transforms to protect application code (often containing secrets and other sensitive information), an organization creates an additional barrier which serves as the first line of defense. Also RASP (Real Time Application Self-Protection) transforms can be applied to alert a user or administrator that someone is attempting to hack or illegally enter the app.

Cyber criminals are becoming more sophisticated by the day. Organizations face the responsibility of evolving their digital products, while also simultaneously protecting their innovations from the latest threats. By understanding a user’s appetite for risk, and applying machine learning and code protection techniques, an organization can continue to provide security without inhibiting experience.

To learn more about how PreEmptive works with organizations like Fiserv, watch our video.

Latest Blog Posts

Integrating DashO into a Maven Build

Maven is perhaps the most widely-used project management tool for Java. Based on the Project Object Model (POM), it is used not only for compilation of source code, but also dependency management, documentation, running tests, packaging, deployment, and more. We are frequently asked if we have a Maven plugin for running DashO. Though we do not offer a specific Maven plugin, adding DashO to your Maven-based project is surprisingly easy by leveraging Ant.

In an already digital world, the Covid-19 pandemic forced society and businesses to adopt additional modes of technology and press on for more advanced application development. Business’ focus shifted to increased remote work collaboration, streamlined contact tracing work, and enhanced consumer e-commerce connections. With little knowledge on how much longer social distancing measures will be in place, more on-demand application development options are needed to successfully maintain workplace functionality.

Gabriel Torok, Founder and CEO of PreEmptive, recently authored an article as part of the Forbes Technology Council. In it, he describes four application trends that help predict emerging expectations for the future of enterprise.

Customers occasionally ask us about adding DashO, Dotfuscator, or JSDefender to their Docker-based build processes. We do not provide pre-built Docker containers for our products, but it is relatively straightforward to create your own containers with the distributions we do provide. Historically, setting up licensing for these containers could be a challenge, but with the recent addition of Floating license support to DashO, Dotfuscator, and JSDefender, even the licensing part is straightforward.

This blog provides example Dockerfiles for each product, as a starting point for building your own containers. You will need to replace {x.y[.z]} with the appropriate major.minor[.patch] version.

Read more