Consumers want to their financial institutions to offer products and services online, which raises the issue of digital security. While major financial institutions have moved many services online, they are constantly evaluating best practices to ensure privacy and security.
For financial institutions that are transitioning to a more digital-first approach, but want to ensure that they are providing a safe experience for their customers, authentication is an important element that can help mitigate fraud and cyberattacks.
Authentication is the process of identifying an individual or their device in order to ensure that they are who they say they are. Authentication verifies an individual’s identity, allowing them to have access to information or the ability to complete a certain transaction. Authentication is built into many things that people do every day, from the passwords we use to access an account, to the facial recognition in many smartphones. Authentication is also important to verify someone’s identity and authenticate documents during important transactions like loan and mortgage closings.
There are different approaches to the identity verification process. Here are some options that financial institutions might consider for authentication:
This is the most common form of authentication, and is required for nearly every application or website that requires a log-in. The benefits of password authentication are that users are accustomed to creating/saving passwords for their online accounts, and it’s a low cost solution. However, highly secure password-based authentication requires additional back-end security measures to ensure that cybercriminals can’t gain access to passwords. Financial institutions should also require that customers use a minimum password standard that is very strong — including a variety of numbers, letters and special characters.
Also referred to as two-factor authentication, this approach increases security with a second identifier, such as sending a code to a second device or requiring the user to click on an email in order to verify their identity. There are some multi-factor technologies that work in the background, using available data to ping a user’s cellphone, for example. This type of authentication is valuable for more secure or first-time transactions.
This growing field uses technology to scan eyes and recognize faces and fingerprints in order to create highly secure and easy identification. Consumers are becoming increasingly familiar with this type of authentication, with many using facial recognition to unlock their smartphones and access apps on a daily basis.
For some financial transactions, not only do people need to provide a form of identification such as a driver’s license or passport, they also need to have forms and documents notarized as another step for confirming identity. For digital banking, this means using an online notarization platform with encryption and recording capabilities so that notarizations are secure and convenient for customers, while allowing financial institutions to easily verify and authenticate documents and signatures.
In 2021, 90% of people in the US used some kind of financial services technology, and they are hungry for even more of their banking needs to be met digitally. Naturally, as consumer activity moves online, so do hackers. But this shouldn’t dissuade financial institutions from providing more digital services.
Authentication ensures that customers, their data and their assets are kept safe. It can help by creating a variety of hurdles before granting access to personal information or accounts. In particular, employing multi-factor or biometric authentication and secure data storage are extremely effective against cyberattacks.
The best approach to authentication starts with an assessment of the different activities that are available online for a given customer journey. The first thing to look at is the level of security required for a certain action. If the activities do not provide access to actual financial assets or tap into sensitive data like social security numbers, then authentication requirements can be less intensive.
Another factor to consider is the value of taking a layered approach. Financial institutions can require password-based logins for less sensitive activity and then request a second form of authentication on certain parts of the website or app if a customer wants to transact. Not every customer or transaction requires the same approach to authentication.
With so many consumers embracing online banking and other digital financial activities, it’s important that financial institutions take the step to mitigate fraud and cyberattacks by implementing some form of secure authentication.