Security and customer experience are two vital pieces of the digital banking puzzle. Unfortunately, one is usually prioritised over the other, leaving consumers confused about best practice, and frustrated when things go wrong. With Ciaran Martin, head of the National Cyber Security Centre, recently stating that changing our password too often leaves us more open to cyber-attacks, consumers are increasingly left in the dark about what they should and shouldn’t be doing to keep their data safe online. Intelligent Environments has long been calling on the digital banking sector to not only make users more aware of cyber fraud by improving education, but also to make it easier for customers to protect their personal data online. Although there has been movement towards more reliable data security procedures, there is still much more that needs to be done to ensure consumers are better protected, while still providing a quality user experience.
Our own research shows, specifically in terms of online banking, that consumers agree with Mr Martin. Managing their personal security is seen to be too complicated, and this ultimately leads to unsafe behaviour. Passwords and log-in processes seem to be a particularly significant problem.
According to a recent study carried out by Intelligent Environments, over a third (34 per cent) of people admit to writing their passwords down to remember them. We are told that best practice states passwords should be long and unique for each different account, with some organisations suggesting changes every 30 days. It’s fair to say that the majority of consumers don’t follow these guidelines, especially as the average citizen in the UK is registered on over 90 accounts, according to password management company Dashlane. If an average consumer followed these guidelines, they would need 1,095 different passwords, or password iterations, every year. It comes as no surprise then, that people are writing passwords down to keep track of which is for online banking, and which is for their magazine subscription, compromising their security.
Worryingly, our research also showed that 21 per cent of consumers admitted to sharing their PINs with colleagues, friends or family members to withdraw money on their behalf, an act which we are warned against regularly. This demonstrates that the issue goes beyond simply better education, which the financial sector is already heavily investing in through banks’ individual campaigns, and through joint activities with third parties such as the Government-backed Get Safe Online campaign.
Consumers are aware that there is a need to improve their own data protection habits, with 60 per cent saying they have become more aware of security due to high-profile cyber-attacks such as the Three and Tesco hacks of 2016. However, ultimately, banks and other organisations that hold sensitive data need to implement more robust security measures against hacking and cybercrime. This includes making better use of technology such as biometrics, which can not only be more secure than traditional password and PIN technology, but also more user-friendly.
The EU General Data Protection Regulation (GDPR) that will come into force in 2018 will ensure financial institutions pay far more attention to security, as the punishments for neglecting data protection will be severe. However, increased security cannot be to the detriment of the user experience, and users will find a way around the measures if they are seen to be in any way cumbersome.
A recent story from the US highlights the disconnect between the user experience and security. It was reported that a child accidentally ordered a doll house via Amazon Echo by simply asking "Can you … get me a doll house?". It turned out that her parents had not set up the optional four-digit security code, spoken aloud to confirm purchases. The story went viral, and in the process highlighted consumers’ sometimes casual consideration for personal security. During the local news broadcast, the anchor signed off by saying, "I love the little girl saying 'Alexa, order me a doll house'". This then caused several other Echo owners’ machines to place orders for doll houses as their devices were activated by the anchor’s off-the-cuff remark.
As much as this story is amusing, the message here is that security features are there for a reason, to stop unwanted purchases and to protect data. Yet, consumers’ natural inclination is to side-step complicated processes wherever possible. So, while there is an increased need for improved cybersecurity technology and process, the financial sector must make a great effort to ensure it is never to the detriment of a great and seamless user experience.
There is no doubt that technology is improving the customer experience, but it is also opening consumers up to growing security threats and therefore increasing the need for financial institutions to improve their cybersecurity technology. Now that senior security experts are recognising the problem, hopefully this message will trickle down to the wider business community.