Transform the customer experience without dropping your defenses

Balancing cybersecurity with usability is key for growth in Financial Services

by Todd Waskelis, AVP, Cybersecurity Solutions, AT&T

The digital shift has opened new frontiers for Finance, but it’s also brought accelerated consolidation, regulation, and rising expectations from tech-savvy consumers. Competitors have also come out of the Fintech woodwork, constraining top line growth. Legacy providers that have historically taken consumer loyalty for granted can no longer consider “pain of switching” a sustainable customer retention strategy.

At the same time, increasing cybersecurity costs have put even more pressure on revenue and earnings. A security breach can cost financial firms 74% more than other industries. If the number of cyberattacks in the news points to any one pattern, it’s that companies are grappling with how to  protect their businesses from “edge to edge”.

Customer experience as a growth strategy

When growth is the goal, finding the right balance between cybersecurity and usability is key: a simple, virtually seamless user experience, wrapped in unobtrusive, yet omnipresent layers of protection. The conundrum for business leaders is finding the right mix of time and resources prioritized to each.

“Businesses are forever grappling with the tension between managing fraud and maintaining a positive customer experience,” according to a recent Experian report. “In most cases, the latter wins out, as evidenced by their willingness to accept higher fraud losses from authentication protocols that they concede might be deficient, but do not disrupt the user experience.”

The report cites 53% of customers who say they’ll abandon the transaction if asked for too much information during account setup vs. 27% that will abandon the transaction if they feel there’s a lack of security.

Financial firms have heard the market loud and clear, making customer experience a cornerstone of their digital transformation efforts across the front, middle, and back office. Customer engagement is a powerful growth driver, with the potential to reignite loyalty, gain greater share of wallet, and replace routine transactions with long-term, higher-value advisory relationships.

As a result, the norm is becoming coffee shop-inspired branches, mobile devices as the primary interface, smarter apps that aggregate deep analytics for more personalized recommendations, and a commitment by employees and management to delivering consistent, device-agnostic omnichannel experiences.

Software-defined future

If the challenge of legacy transformation is to reshape the customer experience more securely and cost-effectively, financial firms are embracing integrated, software-defined technology as the solution. The flexibility of implementation (buy vs. build vs. rip and replace vs. progressive innovation) and the ease of future upgrades is more likely to keep pace with customer expectations in addition to regulatory and compliance concerns.

Anthony Dynkin is empathetic to a phased approach to implementation where new software-defined networking (SDN) and Network Functions Virtualization (NFV) can coexist with legacy tech. “SDN and NFV, SD-WAN, it's a major, major transformation for a company. You're bound to have a lot of legacy networks, you're bound to have a lot of legacy systems, all that stuff, and they cannot just simply be ripped out.”

Software-defined infrastructure (SDI) has become the future-flexible answer to evolving business challenges in the data center, and software-defined mobility (phones and tablets) has become the primary access point for customer interactions.

The catch

While new software-defined network architectures have seemingly endless potential, SDN, Internet of Things (IoT), and mobile device connectivity are all proliferating the number of end points vulnerable to cyber-attack.

It’s common to run into cybersecurity roadblocks when deploying SDI or rolling out a hybrid cloud model. To transition without increasing exposure to cybersecurity risk, a business needs an edge-to-edge risk management strategy that works to reduce risk across the company's endpoints, networks, and cloud services.

Two sides of the same coin

One of the most successful manifestations of endpoint security balanced with customer experience is the mobile device unlock code. Perimeter security of the highest priority, it’s also fast and simple, accessed dozens of times per day. Instead of a clunky token process, web portal redirect, or aftermarket add-on, the authentication experience is effortlessly integrated into the usability of the device, minimizing friction. It even goes a step further: providing peace of mind that becomes a confidence differentiator, driving sales and future growth.

  • Instead of being an afterthought, cybersecurity considerations should be included at the very beginning of product or service design discussions, for both new development and future upgrades. This can avoid common frustrations like not saving preferences across different login sessions, forcing multiple logins when viewing different service areas, having dissimilar mobile and desktop designs, and requiring users to fill out forms that are too long.
  • Predictability compliments the perception of security. Walking customers step-by-step through digital processes with a visual multi-step progress indicator can minimize transaction abandonment triggered by a perceived lack of security or uncertainty that “things are working as expected”. Displaying only the most relevant information at any given time can reduce confusion while emphasizing the credibility and safety of the interaction.
  • Automation and AI can be long-term resource-saving strategies, analyzing data from customer interactions to help detect fraud and focus staff on designing and refining customer experiences vs. routine maintenance of the status quo.
  • Machine Learning (ML) can provide continuous authentication by monitoring the usage patterns of individual customers. Bad actors can have a more difficult time mimicking click and typing patterns than hacking passwords. By building a profile based on data collection over the life of customer interactions, suspicious activity and anomalies can be recognized and flagged. Data sharing across back-end systems enables efficient collection and sharing of actionable analytics.
  • Instead of overwhelming customers with a fortress of impersonal scrutiny each time they need to access their financial records, micro-segmentation strategies distribute protection closer to the datasets vs. all at the perimeter, streamlining the authentication process and empowering customers to feel that the protection of their information is an intelligent, collaborative process.
  • Customer identity and access management (CIAM) technologies like single sign-on (SSO) can reduce user frustration by offering authentication through already popular cloud services. This is now a common practice, designed to reduce the annoyance of having to enter routine credentials multiple times. Malware-based “man in the browser” or identity theft attacks can be thwarted more often when users are not frustrated by the increasing number of apps and IoT devices that require routine authentication.

Stakeholders in the design process should include risk assessment, security, IT, fraud prevention, privacy, and compliance participants as well as product and service developers. The end result should be a dynamic, flexible solution refined over time with input from customers and employees. According to Theresa Payton, “Security is inherently flawed [when] it doesn't account for the user. If the users don't understand and they need to get their job done, they're actually going to work around security.” An effective balance is born from design thinking that considers both cybersecurity and usability integral to the customer experience.

AT&T is a leading provider of integrated solutions for business, powered by a global network that helps secure more connections than any other communications company in North America. To learn more about balancing the priorities of digital transformation, visit our financial services industry page.