Consumer Security Is No Longer One-Size-Fits-All

Jason Malo, October 1, 2014

In the wake of recent high-profile breaches of personal information, a few things have become apparent to consumers as well as information security professionals. Retailers may be just as susceptible to information theft as financial institutions — the impact to consumers is just as damaging, and there is something severely lacking in the way information is transmitted and secured across the financial ecosystem.

For some consumers, it’s enough to know that financial institutions will cover any financial losses and they accept the current state of affairs as an unfortunate, but all-too-common inconvenience. But for other people, there is a frustrating realization that they lack some basic tools and transparency needed to protect their own information and finances from fraud. Many people want to do more, and the concerted industry effort to make security measures entirely transparent has failed to reassure users as they endure a near-constant compromise of their personal and account information.

The lack of visible and actionable security measures have served to make consumers feel less secure when all they see is breach after breach.

Put simply, the lack of visible and actionable security measures have served to make consumers feel less secure when all they see is breach after breach.

Now, I am not advocating a reversal in the “frictionless” approach to consumer security that has long served as the foundation to consumer usability as it pertains to authentication and consumer security. What is widely discussed, but needs to be hammered upon, is that we now have a consumer base wary to the threats, and the combined capabilities of intelligence and distributed security mechanisms to tailor to the individual risk profiles of every consumer.

Security and usability have been conflicting disciplines in the delivery of digital banking services, but in listening to consumer feedback, we need to realize that there are situations in which our customers want to see security measures. There are cases when an extra security step is seen as a reassurance instead of a hurdle. If we successfully combine risk management and usability disciplines there are even situations where the friction of traditional authentication methods can be removed.

Consumer authentication has matured to a point where we are able to assess transactional risk based on multiple measures of identity, location, transactional, and individual risk. Consumer awareness has also matured in this way. Customers who want to do more to protect themselves are demanding this functionality, and those who are content to have their financial institutions reimburse them for fraud need it even more.

There are a few accessible solutions in the market now. For consumers and businesses, two-factor authentication is becoming a more mainstream replacement of the static password system. Even more encouraging, financial institutions are trending toward behavioral biometrics for risk management and fraud prevention. While adoption rate trends are positive, are businesses moving fast enough to preserve consumer trust?

Jason Malo is a Research Director in CEB TowerGroup's Retail Banking practice and has over 16 years of experience in the development, management, and marketing of online service solutions.