Why (and how) you should involve your customers in authentication
When it comes to securing online and mobile financial services, the maxim has been to avoid imposing friction on the user at all costs, particularly so in the United States. This is all very well, except that not involving the user in security authentication at all can have unintended - and very unfortunate - consequences. Risk-based authentication, for example, is currently enjoying popularity as a security measure because of its unobtrusiveness to users. But while the technology prevented $6.5 billion in fraud in 2016, according to BI Intelligence, it also blocked $8.6 billion worth of legitimate transactions. To some, this trade-off may be acceptable. At Entersekt, we prefer looking at things from the users' point of view.
Online and mobile users want to feel in control of their identity and other digital assets. They want to be empowered with the choice to say Yes or No to an action made in their name before that action takes place. Even in the US market, where consumer convenience typically trumps explicit security measures, research by RSA found that 93% of American digital users want to be involved in choosing how their personal information and accounts are protected online.
Entersekt has seen at first hand the impact of user involvement in our deployments in Europe, Africa, and the United States: when customers feel empowered by simple, active authentication measures, they feel safer, transact more, and opt into a greater number of digital services. That adds up to higher revenue - despite nay-sayers predicting the opposite. It's not about how little friction you cause - it's about how much trust you create.
Seeing is believing
Banking users don't want to be burdened with multiple clumsy authentication processes, but they do like a visual indicator that they are in a secure environment, and they like the power of giving permission to complete or cancel a transaction. That being said, permission doesn't need to be requested for minor actions that fall within the user's established transacting pattern. After all, fraudsters don't break into accounts so they can transfer funds to the customer's existing beneficiaries.
Entersekt's technology gives users the power to reject a fraudster's attempt at a transfer or withdrawal before it happens, using only their mobile phone, which they always have with them. Wouldn't you much rather stop an attack in its tracks than receive a notification after your money has already been stolen? Regulators across the globe certainly think you would, which is why the General Data Protection Regulation (GDPR) in Europe, slated to kick in on 25 May, mandates explicit user approval for most financial transactions.
When users feel empowered, they feel safer, transact more, and opt into a greater number of digital services.
A real-time response to a push notification from the bank is quick and painless for the user to deal with, but this simple moment of friction gives them the knowledge that they have the final say on their finances. Interactions like these gradually build trust, leading to more transactions and more user take-up of other digital services. Incorporating just that little bit of friction in your authentication approach is an all-round win for your users - and an all-round win for you.
Schalk Nolte is CEO of Entersekt, an innovator in push-based authentication and app security. With experience in managing large-scale mobile technology and network deployments across Africa and the Pacific, he is a driving force behind Entersekt's growth.
As CEO, Nolte's vision is to turn Entersekt into the de facto solution for banking security, with a focus on building consumer trust in mobile and changing the way financial institutions interact with their customers. He is responsible for overseeing the company, its investors and continued growth and development, and has been instrumental in facilitating the implementation of Entersekt's technology in more than 45 countries to date.
Previously, Nolte served in various leadership roles within the mobile and telecoms industry. At the Nigerian company Vmobile (now part of the Zain Group) he was responsible for technology deployment as well as building and managing a team across the country, consistently exceeding targets.
Nolte earned his Bachelor's of Electrical and Electronic Engineering from Stellenbosch University, one of the top research universities in South Africa.