Press "Enter" to skip to content

Can You Meet Your Customers’ Identity Fraud Prevention and Digital Banking Demands?

COVID-19 has turned online banking into an essential service, but you don’t need to just take my word for it.  PwC recently concluded that around 25 percent of customers are more likely to use a bank’s website or mobile app because of the pandemic, and nearly as many are less likely to visit a branch for the same reason.

However, while this situation may have pushed more customers online, they aren’t necessarily happier there. A recent J.D. Power study found that the 30 percent of customers who rely on digital channels alone are less satisfied with their bank’s services than the 10 percent of customers who rely on physical branches alone, or the 42 percent who use both.

Amplifying the need for banks to evolve are the results of FICO’s Customer Identity Management Survey, which polled 172 banks and 5,000 people in 8 countries and was released on October 14, 2020.We found financial institutions across North America struggling to deliver a core component of digital banking services – identity verification – without compromising the customer experience.

According to the survey, only 17 percent of North American banks currently verify customer identities using a single digital process that works in real-time. Most require customers to transfer to email, use a separate identity portal or even visit branches or post their documentary evidence. Even when banks do offer an in-channel digital identity verification process, most still don’t validate the identity until later.

Meanwhile, 51 percent of checking account openings require new customers to prove their identity by visiting a branch or posting documents; 25 percent of banks request physical or faxed documents for mortgage or home loan applications; and 15 percent require physical proof for credit card applications. That’s problematic, as a previous FICO survey discovered, 23 percent of customers will abandon opening an account if forced to switch channels to prove their identity.

In other words, banks that force people to prove their identity offline are potentially waving goodbye to applicants, and risk falling behind their competitors as the industry settles into the “new normal”.

How did we get here?

While COVID may have accelerated the migration of customers from physical to online banking, the numbers were always trending in the latter’s direction. The number of digital banking users in the U.S. rose by 20 percent between 2014 and a pre-pandemic 2019, forcing regulation changes such as the proposed Improving Digital Identity Act of 2020, an attempt to develop the type of digital identity verification standards our survey indicates banks would have difficulty meeting.

Yet despite our findings, U.S. and Canadian banks possessed the highest level of confidence in their ability to respond to regulatory changes (76 percent) among the countries surveyed.  They also rated the effectiveness of their identity solutions 15 percent higher than their European, Asian, and Latin American peers.

Interestingly, North American banks place themselves equally in the innovator, fast adopter, and early majority categories when it comes to adopting identity verification technology.  And only 40 percent of U.S. banks see abandoned applications due to identity validation processes as a significant issue.

There is a good chance the disparity between these findings and our identity verification report’s conclusion is a result of European banks facing stricter regulations than their U.S. and Canadian counterparts. North American consumers are also lagging behind other countries in using digital channels to open new accounts: One FICO consumer study found that 75 percent of people in the U.S. were prepared to open accounts digitally versus 78 percent for Canada, 82 percent for Germany, 88 percent for the U.K., and 92 percent for Brazil.This again likely suggests that North American banks need to continue to improve their digital identity verification processes.

It’s also worth noting that U.S. and Canadian banks use digital identity verification tools between 64 and 76 percent of the time for customers opening non-checking accounts, though their rates are still lower than the other countries surveyed (where between 74 and 85 percent of non-checking accounts are opened digitally).These numbers will continue to rise in the future in response to COVID-19 control measures and as the use of electronic documents such as drivers’ licences becomes more commonplace.

What banks are doing now

When it comes to present verification methods, our survey found that broadly, North American banks make greater use of document scanning features than their European and Asia Pacific counterparts. With 70 percent reporting adoption of ease-of-use features such as optical character recognition, and taking a photo to match against a reference image on an identity document.

Also common is checking for spoofed, faked, or recorded sessions using liveness detection, whether active (requiring a subject to obey instructions in real time) or passive (looking for telltale traces of image or video manipulation) – a smart move, since criminals are likely to target banks without such measures in place.

Many payment service providers also rely on SMS-based one-time passcodes (OTP), which have the added benefit of customer approval – in a previous FICO survey, 53 percent of respondents said they were using SMS-based OTPs to protect their financial information.

While it’s encouraging that many banks are on the same page as their customers, they should not rely on a limited number of detection methods, as each has individual vulnerabilities – OTPs, for example, can be hacked as they use the open-source SS7telephony signalling protocol. The key to a successful identity verification system isn’t implementing a single verification method, but layers of them.

To help customers get used to multiple authentication methods, banks need to take them on a journey with evolving security practices that gradually provide greater protection, while reducing friction.

What’s holding them back

The most pressing verification issue among the banks we surveyed is providing a consistent authentication experience, which 53 percent cited as a challenge. Fewer – 29 percent – were concerned about the impact of identity validation at account opening, likely because identity checks are rare while authenticating identity when accounts are accessed and transactions are initiated is a much more common occurrence.

Meanwhile, it’s a positive sign that more banks are not rating factors such as security – the sophistication and volume of unauthorized access attempts – and customer experience, including false declines, more highly, though they remain an issue for between 36 and 42 percent of the banks surveyed.

When asked which technology challenges affect their ability to authenticate customers, 54 percent of respondents cited the time required to change authentication systems, while 47 percent cited the number of different solutions in use. Nearly three-quarters – 74 percent – use risk-based authentication, which helps explain the complexity of making changes to their technology.

 

When it comes to choosing which challenges to address head-on, if the risk of losing potential customers isn’t reason enough for banks to update their identity verification solutions, they should consider compliance too.

Just over half – 53 percent – of respondents to our identity verification survey called their lack of automated identity verification “problematic.” After all, regulations aimed at preventing criminal activity often require banks to review customer identities in the type of consistent, robust manner harder to execute when relying on manual methods, which were historically developed for face-to-face interactions and have since been adapted to the needs of new channels and products.

To an extent, digital identification tools are simply exposing weaknesses in processes that were not designed for digital channels in the first place.

Where do we go from here?

North American banks are under pressure from two sources: the drive for revenue and the need to comply with regulation in a cost-effective way. While many banks are confident in their identity and authentication capabilities, they still need to address:

  • Lost sales and abandoned applications due to identity verification procedures
  • Their inability to verify the identity of some applicants
  • The cost and complexity of adopting multiple systems both for identity verification and authentication

These issues symbolize a need for banks to re-organize their digital systems with a specific focus on the digital banking experience.

Fortunately, our survey also found that 75 percent of banks in the U.S. and Canada plan to invest in a new customer identity management platform within the next three years.  By moving to a more integrated and strategic approach to identity proofing and identity authentication, banks will be able to meet customer expectations while delivering consistently positive digital banking experiences across all of their online channels.

Liz Lasher is Vice President of Fraud, Financial Crime and Cyber Risk at FICO. You can keep with her latest views and fraud-fighting tips on Twitter @LizFightsFraud, or follow her on LinkedIn.


Want to keep reading? This content is for subscribers only.

Log In Register


Comments are closed.

Skip to toolbar