Written by guest blogger, Ruhan Basson
“You’ve got to start with the customer experience and work back toward the technology, not the other way around.” ~Steve Jobs
In today’s world of omni-channel banking, over 90% of customers are dissatisfied with traditional methods of authentication (1). Some of the more common grumbles include:
- The time taken to authenticate
- Complex password and PIN requirements that are hard to remember
- Challenging questions that are intrusive and, in some cultures, offensive
- Authentication tokens that are inconvenient to carry around
Traditional frameworks and security approaches to mapping the customer journey are becoming obsolete. In today’s interconnected world, why would customers want to continuously authenticate themselves? They want synchronised access across channels, including branches, desktops, call centres and mobile phones. They want to choose between numerous channels, and move freely and seamlessly between them. Customer expectations are changing, and as such, the way that security supports the customer journey needs to adapt too.
The advancement of Deep Learning-enabled biometric authentication provides banks with the ability to deploy a risk-based approach to security. Depending on the risk profile of a use case, banks are now able to apply the appropriate amount of friction within the user journey without compromising on security, thus improving the user experience.
Let’s consider the example of adding a new payee. A typical online banking application requires the user to authenticate the action through a cumbersome process using hard tokens and out-of-band authentication methods such as SMS text messages. Were a bank to use biometric data captured through technology commonly available today, such as behavioural authentication via interactions with a device, keyboard, touchpad or mouse, it would find itself able to authenticate users by conducting a real-time, risk-based assessment (RBA) of how the customer interacts with the device and application. In fact, it could actually use behavioural authentication to reduce the security requirements.
Less can actually be more; stepping up (and stepping down) biometric authentication as security
This may sound counter-intuitive to today’s security-heavy approach. But by using a continuous behavioural biometric assessment, the bank only needs to introduce friction into the user journey if a behaviour score drops below a defined threshold. This is in stark contrast to today’s blanket approach of assuming a user is an imposter that must pass onerous authentication processes. Quite the opposite; banks can now assume that a user is a legitimate user until the biometric platform indicates otherwise.
Biometric authentication and multi-factor authentication companies talk a lot about ‘step-up authentication’ – layering on biometric authentication or other MFA security until a bank is satisfied that the user is who they say they are, and so can carry on with the transaction.
But what we talk about less – and what propels service to the customer from “adequate” to “exceptional” – is the ability to step down this authentication process. A typical transaction might usually require continuous behavioural authentication plus a step-up to voice authentication or facial authentication. That is fine, but it still introduces an additional element of friction. Imagine if you could step down the authentication, based on a satisfactory RBA from the behavioural biometric data?
With AimBrain’s in-session risk assessments and the bank’s ability to control its risk threshold across a wide range of scenarios, you may find that your customers fall within adequate risk profiles, and you can actively invoke less security. Now that is truly putting the customer experience first.
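The step-up and step-down decision described above can be sketched as a small policy function. This is an added example, not AimBrain's code or API: the action names, the 0.0 to 1.0 score scale, the thresholds and the freshness limit are all constructed assumptions. It also covers the failure mode a bank has to decide on, namely what happens when the behaviour score is missing, stale or malformed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy values (assumptions, not from the post): per action,
# the score at or above which friction is removed, and the score below
# which extra authentication is demanded.
POLICY = {
    "view_balance": {"step_down_at": 0.60, "step_up_below": 0.30},
    "add_payee":    {"step_down_at": 0.85, "step_up_below": 0.60},
}
MAX_SCORE_AGE_S = 30.0  # assumed freshness limit for a continuous score


@dataclass
class BehaviourSample:
    score: float  # assumed scale: 0.0 (likely imposter) to 1.0 (matches template)
    age_s: float  # seconds since the score was computed


def decide(action: str, sample: Optional[BehaviourSample]) -> str:
    """Return 'step_down', 'baseline' or 'step_up' for one user action."""
    rule = POLICY.get(action)
    if rule is None:
        return "step_up"   # unknown action: fail closed
    if sample is None or sample.age_s > MAX_SCORE_AGE_S:
        return "step_up"   # no usable signal: never step down on silence
    if not 0.0 <= sample.score <= 1.0:
        return "step_up"   # out-of-range or NaN score: treat as untrusted
    if sample.score < rule["step_up_below"]:
        return "step_up"   # behaviour score dropped below the threshold
    if sample.score >= rule["step_down_at"]:
        return "step_down"  # satisfactory RBA: skip the extra factor
    return "baseline"       # usual factors for this action


def replay(session):
    """Apply decide() to a list of (action, sample) events, in order."""
    return [decide(action, sample) for action, sample in session]


# Constructed session: the score degrades while the user works.
SAMPLE_SESSION = [
    ("view_balance", BehaviourSample(0.91, 1.0)),
    ("add_payee",    BehaviourSample(0.91, 4.0)),
    ("add_payee",    BehaviourSample(0.72, 2.0)),
    ("add_payee",    BehaviourSample(0.41, 1.5)),
    ("add_payee",    None),
]

if __name__ == "__main__":
    for (action, _), outcome in zip(SAMPLE_SESSION, replay(SAMPLE_SESSION)):
        print(f"{action:13s} -> {outcome}")
```

The same score can yield different outcomes for different actions, which is what lets the threshold follow the risk profile of each use case.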
Connecting your customer’s biometric data across all channels
We talk quite a bit about the importance of distinguishing between device-based authentication and cloud-based authentication – you can read one of our latest blogs for our key thoughts and findings. What is critical here though, is to know that a true omni-channel user experience can only be achieved when the biometric template (the template against which a user is authenticated) is stored in the cloud.
Why? Because device-based authentication does not address cross-platform onboarding or authentication; it requires onboarding and enrolment for each device. What does this mean? Additional cost for you, to maintain different enrolments for every channel, and a disjointed and frustrating experience for the customer, who may be using voice or face to log in to mobile banking, but requires PINs, passwords, telephone banking codes, personal information and more to use other channels. Mobile is but one channel in an omni-channel experience, and the experience should be consistent across every channel.
By applying a BIDaaS (Biometric Identity-as-a-Service) model, a bank can let its customers create a digital template of their voice, face and behavioural biometric information, which the bank can then use to authenticate the user across any channel. This approach allows AimBrain to authenticate the individual and not just the device. It also allows banks to utilise multiple biometrics at the same time and to initiate ‘step-up’ or ‘step-down’ authentication for specific actions or only when behavioural scores suggest further scrutiny.
As an aside, we always like to point out that no customer Personally Identifiable Information (PII) is required, nor does AimBrain store any raw biometric data such as an image or recording. Biometric templates are stored as encrypted mathematical constructs against unique randomised user IDs provided by a bank. We are a security company first and foremost.
Striving for customer satisfaction within an omni-channel context, banks can today leverage Deep Learning-enabled BIDaaS platforms to improve the customer journey while at the same time reducing liability and enhancing security.
Ruhan Basson is Head of Pre-Sales and Delivery at AimBrain