Banks Lag on Tapping Advanced Tools for Security
July 14, 2022
Banking and Security Controls
A majority of banks and credit unions still rely on usernames and passwords to grant access to customer accounts — in fact, according to a recent survey by Entrust, 80% of 1,350 consumers surveyed across nine countries said their financial institution uses such security measures, with 58% saying they are met with security questions, and 43% reporting the use of two-factor authentication. Meanwhile, fewer institutions are making use of advanced technologies like biometrics, such as fingerprint recognition (38%) or facial recognition (27%). In the US, biometric technology is already gaining traction with financial institutions, and adoption may be higher than it is in other countries, but this data suggests we still have a way to go before such methods are ubiquitous.
Consumers are concerned about fraud, and when they experience an issue, they tend to blame their bank or credit union — according to the report, 67% of respondents notified of fraud changed providers as a result. This suggests that banks not yet making use of more advanced technologies are missing an opportunity to provide greater security and protect customer relationships. Biometric authentication, in particular, is more secure than a username and password because it relies on attributes unique to a user, through a facial scan, for example. This technology is not exactly cutting edge, it’s been around for a long time, and powers most of the world’s smartphones. It’s also not foolproof and works best when leveraged as part of a multifactor authentication regime. As such, the idea is not that we should all be switching to facial scanning technology for account access but rather that institutions need to be thinking more holistically about security. Usernames and passwords are old and outdated, but what comes next? What combination of tools provides the highest level of security with the least friction for your customers? These are the questions we need to be asking today.
Over time, we are likely going to see even greater advancements in authentication technology. Already, work in the behavioral biometrics space appears to be moving us toward a future where a bank can validate a person’s identity through data on past behavior, such as how they type or swipe. As this happens, we may shift into an entirely new realm of digital identity, one that banking providers and consumers will need to get comfortable with and used to. As with so many things in banking (and life), technology often moves faster than comfort levels. In this case, though, it’s in everyone’s interest to get there quickly. Traditional methods of authenticating a customer, namely the use of a username and password, are notoriously vulnerable. People reuse credentials all the time — a hacker’s dream. So, whether you’ve already adopted newer security measures or not, it’s time to think about how they might augment your authentication processes, both now and in the future. Eventually, and hopefully, we may be able to move on from methods that no longer make sense.