When the COVID-19 pandemic first hit, banks and financial institutions rushed to digitize both their internal processes and customer-facing services as the nation suddenly shifted to work-from-home and consumers moved all their financial transactions to online and mobile channels. Financial institutions halted many of their previously planned technology projects and accelerated those that facilitate a better and more secure digital experience for customers.
However, in their haste to digitize, many financial institutions may have unknowingly created security holes and vulnerabilities that fraudsters have rushed in to take advantage of. Account takeover fraud has grown 72 percent over the previous year. Phishing attacks have grown more than 600 percent and banks have reported a seven-fold increase in suspicious business loan activity during the pandemic.
How can banks meet the new demand for digital services and provide a frictionless, yet secure customer experience, while fighting the overwhelming growth in fraud? Here are the top five things banks and financial institutions need to do right now to secure their new and existing digital offerings:
1) Become a digital-first organization
Once the pandemic hit, banks had no choice but to become digital-first organizations. Many banks have made great progress in this area and large number are working hard to get there. Complex processes like mortgage lending still remain largely paper-based and manual. Banks should look to digitize these remaining processes through the use of technologies like e-signatures and remote online notarization, which can be quickly implemented for a fast return on investment. In addition to digitizing the customer-facing processes, banks should also look internally at ways they can digitize employee-facing processes such as legal contracts, compliance, fraud disputes and other back-office procedures through the use of e-signatures and workflow technologies. They should also evaluate cloud technologies that support their digital transformation and modernization initiatives. By moving to cloud-based platforms, banks can enjoy reduced operational costs, greater agility and speed to innovation, the ability to scale, and often, a pay-as-you-go model.
2) Reinvent the customer journey
The next most important step is to reinvent the customer journey. Customer experience is everything when it comes to doing business in digital channels.Customers expect to be able to conduct every aspect of their banking – from initial account opening or applying for a loan, to approvals and settlements – quickly and easily online or via their mobile phone. Banks should look to streamline their remote account opening processes and strengthen their digital identity verification capabilities in order to provide customers with a frictionless yet secure experience. New account opening is the first experience a potential customer has with that institution and it must be as user-friendly as possible, or they will turn to a competitor instead.
Banks should also look to standardize their user databases. As a result of their legacy technology solutions, many banks today have multiple, siloed data stores and user databases. By consolidating these databases and creating a central flow for managing users, banks can better understand where their customers are in their journeys, which products they’re interacting with and how secure their stances are within those products.
3) Revaluate your risk stance
Once a bank has accomplished the first two steps, the next thing they should do is to reevaluate what their risk aversion is. When you’re a digital-first organization, the types of fraud you will experience are different. Reevaluating your organization’s stance on risk, fraud and what level of risk you’re willing to accept under different scenarios is important. Once you’ve reevaluated your risk stance, banks should look to harden their security across channels and implement a multi-layered approach to security in order to reduce risk. The use of technologies like behavioral biometrics and persistent risk analysis during online and mobile banking sessions can help prevent the types of fraud that are growing fastest, such as account takeover fraud.
4) Make sure your mobile banking apps are secure
Though both are digital channels, there are entirely different security concerns and risks when it comes to mobile banking apps, compared to online applications. When it comes to a bank’s website, most developers are already well aware that a customer’s web browser can’t be trusted. They recognize that website is an insecure application running on an insecure operating system. However when it comes to the mobile banking app, too often developers trust that the security built into the customer’s mobile operating system (OS) is sufficient to protect the app. In reality, developers should never assume that the mobile OS is secure. Customers could be using the bank’s app on a jailbroken or malware infected phone, both of which can introduce broader security vulnerabilities to the bank’s network. Instead, banks (and their developers) should adopt technologies like mobile application shielding with run-time protection to ensure that their apps are secure, even when used on an insecure device.
5) Leverage new technology like artificial intelligence (AI), machine learning and real-time risk analytics
AI is like the eyes that banks need in order to analyze patterns that humans can’t quickly pick up on. Most attacks are conducted using a machine-like or bot-like structure and they work in a similar manner every time. AI can pick up on those patterns much more quickly that a human analyst and identify attacks quickly, before they can run rampant through the bank’s network. By leveraging newer technologies powered by AI and machine learning, banks can gain real-time risk analytics capabilities that provide visibility across all their online and mobile channels in order to stop fraud attempts and other security attacks as they happen.
Traditional banks are facing an increasingly competitive marketplace, with all-digital neo-banks and new fintech startups entering the space every day. At the same time, they’ve had to suddenly accelerate their digitization plans due to the COVID-19 pandemic and are facing unprecedented growth in fraud – all while still needing to meet increasingly demanding customer expectations for a seamless experience. Those that do not digitize quickly will lose customers, revenue and market share, but banks can’t forgo security in their path to digitization. By focusing on the customer journey, reevaluating their risk stance, hardening their mobile app security and leveraging new technologies like AI for real-time fraud detection and risk analytics, traditional banks can become digital-first organizations and will be poised for continued success in the years to come.