Partner Insight: Digital banking puts security and authentication centre stage, finds survey

Partner Insight: Digital banking puts security and authentication centre stage, finds survey

The pandemic has pushed millions of customers towards digital banking, insurance, and payment services. The ability for consumers and businesses to manage their finances online or from mobile devices has been a boon, spurred on by disruptive FinTech providers.

Significantly, it also obliges those companies to ensure that services are secure, and that both users and employees are authenticated.

This was no overnight transformation, but an acceleration of trends that existed before the crisis hit. Open Banking services - introduced in January 2018 - are now used by an estimated four million UK customers, according to the Open Banking Implementation Entity (OBIE).

Initial uptake was cautious, but the crisis has doubled user numbers. This forces providers to compete for customer loyalty and convenience (now that users can move their data with ease). However, it also means that security is essential to protect vulnerable finances and prevent a loss of customer - and industry - trust.

Meanwhile, some analysts put mobile banking uptake at 76 percent of all UK account holders, while others estimate that usage is less than that. Either way, one thing is clear: mobile apps and digital services are strongly favoured by new banking customers.

This generational shift into more demand-led finance recasts banks in the mould of utilities, according to UK Finance Minister John Glen at a November 2021 speech to the industry. But this means that customers expect an accessible, intuitive system.

The crisis and soaring adoption have certainly pushed trust, security, and identity management to the forefront of digital finance. Fraud, phishing, and ransomware attacks have all increased during the Covid pandemic, so what is the level of threat to Financial Services specifically?

A Computing survey of 150 IT leaders in medium-sized enterprises in professional sectors of the economy - including Financial Services such as banking, payments, and insurance - found that 38 percent have experienced either daily (13 percent) or weekly (25 percent) attacks on their platforms.

A further 19 percent say attacks have been monthly occurrences since 2020, while 24 percent report at least one serious incident over the past year. In total, 81 percent of companies surveyed have experienced attacks since the pandemic began.

Among Financial Services respondents alone, 25% report weekly attacks, and a further 25% have experienced at least one attack in the past 12 months. In total, half of banks and other financial providers included in our research have been hit since last year.

Hackers are also targeting cryptocurrency exchanges. This month, cybercriminals are reported to have made off with $196 million in assets from trading platform Bitmart.

Aside from protecting the organisation's perimeter and privileged customer data, authenticating users of all types of financial service is critical, to prevent unauthorised access to customer accounts.

It is also essential to authenticate employees who access internal and customer data, especially if they are working remotely.

Despite this, less than 30 percent of respondents have fully implemented an advanced Identity & Access Management (IAM) platform, while less than 28 percent are actively rolling one out.

But it is not just about technology. Striking the right balance between security and ease-of-use is critical when it comes to digital finance.

On the one hand, customers crave simple, low-friction apps. But on the other, they expect them to be secure - to prevent people not only stealing their money, but also gaining access to their personal data and transaction histories.

Put another way, the system needs to be robust, but if users must jump through too many hoops to access their money or essential data, they may choose a different brand.

Despite this, IAM adoption is running behind attack rates, while nearly 14 percent of respondents have either no plan to deploy it, or (in just one percent of cases) no interest in the technology at all.

That said, Computing found that cybersecurity is top of the list of issues to be tackled via IAM, above (in descending order) regulatory compliance, easing the burden on IT, and gaining a competitive advantage.

For many customers, however, security may be the most important differentiator.

Find out more Reducing complexity in Identity & Access Management

This post is funded by Okta