Money transfers: Security and user experience solutions
Organizations looking to thrive must maintain focus on customer experiences that fuel growth. For decades, technological innovation has been a key enabler in this respect. The cloud and the shift toward Web3, in particular, have escalated the pace of innovation, notably when it comes to facilitating “anywhere, anytime” experiences.
Yet, risks are lurking in the wake of this innovation, with customers being exposed to pervasive and well-resourced threats. In fact, today’s customer experiences represent a vulnerable attack surface.
The good news is that dedicated solutions exist to help organizations establish trusted customer relationships and protect them and their customers throughout the customer lifecycle through identity verification and high-assurance user authentication.
High-assurance security is often seen as one end of the spectrum - and the “delightful” customer experience at the other end. But this is not always the case. That’s exactly why today’s financial institutions (FIs) are facing intense competitive pressure to find the right balance between security and experience, so they can unlock their capacity for better, more profitable customer experiences.
Money transfers: What’s at stake?
Trust is at the core of a financial institution's business. That’s why security is so critical – it protects and builds client trust across in-person, digital, and mobile channels for financial transactions of all stripes.
If that were all that was required, things would perhaps be straightforward. But alongside robust security measures, FIs are looking to boost competitiveness in ever-more crowded markets by improving productivity and reducing transaction execution time for clients who otherwise might abandon the process altogether.
Although seemingly at odds, these two realities can, in fact, be complementary. This is especially true given that clients do not necessarily expect or want a wholly frictionless experience.
As OneSpan's Field CTO put it in a recent interview: “You've got to remember that your customers ... don't necessarily want to be feeling that things are invasive, but they also want to feel that there is a level of security. People expect to be protected.”
Business challenges associated with money transfers
1-Security infrastructure
With security comes customer assurance, and with that assurance comes growth. That’s why an increased focus on robust security is non-negotiable.
As noted by Sameer Hajarnis, Chief Product Officer at OneSpan: “With a shift in the attack surface, security will need to be woven throughout the journey and throughout workflows, and it will need to be done seamlessly to avoid disrupting the digital experience that exists ... This will be a top priority for organizations and security companies alike, and proving identity and ensuring trust in digital processes will become the defining factor of success.”
Given OneSpan’s 30-year heritage of industry-leading security, it’s inevitably a key focus of our solutions for FIs. Here are just a few.
| Security infrastructure recommendations: | OneSpan solutions | Technology capability |
| Protect higher value transactions and vulnerable user groups | Personal security devices with biometrics or one-time passwords (OTPs) | |
| Create secure channels between banks and customers, ensuring message authenticity | Convenient and secure WYSIWYS (what-you-see-is-what-you-sign) dynamic linking application technology | |
| Enable strong mobile security & authentication | Seamless mobile authentication & transaction data signing technology, integrated into financial mobile apps | |
| Provide a secure execution environment for mission-critical mobile apps even on compromised mobile devices | Strongest mobile application protection |
2-Attack prevention
As a result of the rise in digital interactions, online fraud has increased dramatically. Millions of individuals and businesses fall victim to social engineering attacks such as APP (authorized push payment) scams that trick them into sending money to accounts controlled by fraudsters.
This is taking place in an industry that is experiencing a veritable surge in mobile malware attacks, where cybercriminals are delivering malicious text messages and applications to users to steal sensitive information including passwords and bank details.
At the same time, social engineering techniques will continue to evolve and be used at scale, meaning FIs must find ways to future-proof online and mobile banking against sophisticated attacks.
| Attack protection recommendations: | OneSpan solutions | Technology capability |
| Protect against adversary-in-the-middle attacks and social engineering | Transaction data signing | |
| Protect against APP (authorized push payment) fraud | Secure channel technology | |
| Protect against reverse engineering and repackaging | Seamless mobile authentication & transaction data signing technology, integrated into financial mobile apps | |
| Protect against overlay attacks, keyloggers, app repackaging, screen reader, and others | Built-in protection for mobile apps, with a fully automated no-code integration process, and with the highest level of security, both at rest and at runtime |
3-Compliance and the customer experience
The financial sector is of course no stranger to regulatory complexity. But in a world where cloud-enabled transactions are taken as a given by customers, the scale of inter-jurisdictional and cross-border intricacies has exploded.
Regulations need to be addressed in a way that is as transparent as possible to the customer, especially when those rules and regulations impact the way customers manage their transactions on a day-to-day basis. For instance, some existing transaction protection practices (e.g., transaction authorization codes via SMS messages) are no longer effective and will be phased out to comply with new versions of regulation standards as well as protocols such as FIDO2.
| Customer experience & compliance recommendations: | OneSpan solutions | Technology capability |
| Meet regulatory compliance requirements while providing a secure and convenient mobile app UX | WYSIWYS (what-you-see-is-what-you-sign) capabilities, dynamic linking, and a broad array of authentication options, including biometrics, FIDO, push notification, and Cronto | |
| Provide higher-assurance authentication and a passwordless experience, including biometrics and FIDO technology | Personal security devices | |
| Provide user-friendly authentication options and biometrics |
| Mobile authenticators |
Next steps and tips for safe money transfers
Once you’ve identified the strategic areas that will undergo transformation and that typically impact money transfer scenarios, bear some technology selection best practices in mind:
- Adopting general-use solutions that are not designed for money transfer applications can lead to user confusion, errors, and high process abandonment rates.
- Ensure you are solving for all channels represented by your clients. Implementing a one-option solution creates a single point of failure, cuts out some user groups, and bottlenecks innovation for digital channels.
Naturally, it can be challenging to identify technology that is designed for fast adoption as well as 100% of your customers’ security requirements. However, it is certainly possible for banks and FIs to provide a consistent and secure user experience across all digital channels, while offering customers maximum flexibility to choose between hardware or software options.
Want to learn more? Talk to a security expert or request a demo to learn how.
