3 Ways U.S. Commercial Banking is Adopting Software Authentication

David Gaudio,

For years, financial institutions (FIs) have relied on hardware authentication for their internal users and customers, but this is shifting as software authentication, also known as mobile authentication or soft token authentication, is gaining adoption. Whether a standalone app or integrated into the organization’s native mobile app, many FIs agree that a migration to software authentication is both beneficial and necessary to remain competitive today.

In an Aite report, Digital Channel Fraud Mitigation: Evolving to Mobile-First, the analyst firm found the shift to software authentication to be a widespread trend. “Aite Group is also seeing banks’ use of hardware authenticators diminish. In a survey of North American bank fraud executives which we published in November 2017, half of the FIs surveyed indicated that they plan to reduce their use of hardware authentication over the next one to two years,” says Julie Conroy, research director at Aite Group.

One of the primary motivations for the migration to software authentication is improving the customer experience. Customers today want a software alternative, as explained by Michael Branigan, Senior Product Manager at Fiserv, “Even though the standard hard token devices are very small keychain-like devices, people do not want to carry them. In addition, if someone loses that hard token device, they may not know for a number of days. If you lose your smartphone, you know within minutes. This gives the client and the bank the ability to shut down the device much more quickly to prevent fraudulent activity.”

To understand the approach that North American FIs are taking, we interviewed three U.S. banks. Each rolled out software authentication to their commercial customer base. While their strategies and stories differ, they all share a common driver: the need to deliver a more convenient, modern experience.

Traditionally, busy CFOs, VPs of Finance, business owners, and other commercial users have had to manage and carry multiple hardware authenticators. With that, they have to remember a multitude of passwords and PINs that are not transferable from one authenticator to another. Today’s customer expects the ease and simplicity of Touch ID and other forms of biometric authentication on mobile devices.

Here are three perspectives on how to successfully introduce a modern, mobile authentication experience.

Bank 1: Software Authentication as an Alternative

When relying exclusively on hardware authenticators, this bank had to contend with two issues. The first was cost. To deliver the authenticators to their commercial customers, the bank would send them by mail. Some authenticators would never arrive. Some would arrive broken. Some would be broken by the customer or simply lost. In the end, the bank was spending money to issue and maintain their hardware authenticators.

The second driver was customer expectations. Software authentication is now an expectation in the market, and if the bank does not support such a solution, clients want to know when they will. This bank aligned their software authentication deployment with the rollout of their new native mobile banking application. In this way, they were able to catch up with the market and provide the integrated authentication experience customers expect, all at once.

This bank opted to present their software authentication deployment as an attractive alternative to the standard hardware authenticators. From there, they made the process of switching or adopting as easy as possible for the customer. The expectation is that customers will flock to it naturally, due to ease-of-use and convenience.

“We’re presenting mobile authentication as an alternative. But once clients start using it, they realize how great it is. It’s just an additional little bonus that you don’t have to use a hardware authenticator unless you really want to—you also have a mobile token option.”

Missing media item.

Bank 2: From Two Apps to One

“When you think about the inconvenience of having to remember to bring your hardware authenticators to the office, having a mobile device is a wonderful solution. Clients absolutely love it. If a bank doesn’t offer the products, services, and usability that clients expect in the marketplace, they will lose business.”

After 15 months using a standalone mobile authenticator app, this bank was happy with their decision. Their commercial customers eagerly transitioned to software authentication, because it meant that they no longer needed to carry around one or multiple hardware authenticators anymore. Instead, they can authenticate with the smartphone they always carry anyway.

To facilitate the rollout, this bank relied on its communication team, as well as a thorough checklist and impact analysis to ensure it went smoothly. FAQs were provided to the helpdesk, and short video snippets were produced for customers. Once deployed, the bank received positive feedback. They expected a gradual adoption that would ramp up over time, but it turned out that their clients had been waiting for just such a solution. As soon as it was pushed live, the solution took off with users.

Now that their customers are comfortable with the standalone app, the bank plans to integrate it into their native mobile banking application. This will improve the customer experience even further. Customers will no longer need to switch between two apps, nor will they need to quickly memorize or write down a one-time password.

Bank 3: Rolling out Software Authentication to New Customers First

The financial industry is undergoing a period of fierce competition and rapid innovation. Banks are under pressure to keep pace, offer new services, and continually improve their services. After relying on hardware authenticators for over 10 years, this bank deployed software authentication to provide their customers the modern experience they have come to expect.

“You need to show that you’re keeping up with the times. If customers don’t see certain functionality, they may think a little less of the bank as a whole.”

When deploying the mobile authenticator app, this bank decided to roll it out to new customers first. All new commercial customers would gain access to software authentication, but the switch was optional for existing customers. With this strategy, the bank expects to see higher adoption over time.

Learn More in this Webinar on Software Authentication

These cases provide insight into the challenges and considerations of migrating to software authentication. However, there is much more to learn. Join us on a webinar, Best Practices for Financial Organizations: Migrating to Software Authentication, for more information on industry trends, firsthand insights, and best practices.

David Gaudio is the Senior Content Writer for all things security and e-signature at OneSpan with nearly ten years’ experience in digital marketing and content creation. David earned his BA in Publishing and Creative Writing and has since worn almost every hat in the digital marketing closet.